CVE-2024-53108

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amd/display: Adjust VSDB parser for replay feature<br /> <br /> At some point, the IEEE ID identification for the replay check in the<br /> AMD EDID was added. However, this check causes the following<br /> out-of-bounds issues when using KASAN:<br /> <br /> [ 27.804016] BUG: KASAN: slab-out-of-bounds in amdgpu_dm_update_freesync_caps+0xefa/0x17a0 [amdgpu]<br /> [ 27.804788] Read of size 1 at addr ffff8881647fdb00 by task systemd-udevd/383<br /> <br /> ...<br /> <br /> [ 27.821207] Memory state around the buggy address:<br /> [ 27.821215] ffff8881647fda00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00<br /> [ 27.821224] ffff8881647fda80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00<br /> [ 27.821234] &gt;ffff8881647fdb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc<br /> [ 27.821243] ^<br /> [ 27.821250] ffff8881647fdb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc<br /> [ 27.821259] ffff8881647fdc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00<br /> [ 27.821268] ==================================================================<br /> <br /> This is caused because the ID extraction happens outside of the range of<br /> the edid lenght. This commit addresses this issue by considering the<br /> amd_vsdb_block size.<br /> <br /> (cherry picked from commit b7e381b1ccd5e778e3d9c44c669ad38439a861d8)