{ "threat_severity" : "Moderate", "public_date" : "2025-05-02T00:00:00Z", "bugzilla" : { "description" : "kernel: drm/i915/sseu: fix max_subslices array-index-out-of-bounds access", "id" : "2363788", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2363788" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\ndrm/i915/sseu: fix max_subslices array-index-out-of-bounds access\nIt seems that commit bc3c5e0809ae (\"drm/i915/sseu: Don't try to store EU\nmask internally in UAPI format\") exposed a potential out-of-bounds\naccess, reported by UBSAN as following on a laptop with a gen 11 i915\ncard:\nUBSAN: array-index-out-of-bounds in drivers/gpu/drm/i915/gt/intel_sseu.c:65:27\nindex 6 is out of range for type 'u16 [6]'\nCPU: 2 PID: 165 Comm: systemd-udevd Not tainted 6.2.0-9-generic #9-Ubuntu\nHardware name: Dell Inc. XPS 13 9300/077Y9N, BIOS 1.11.0 03/22/2022\nCall Trace:\n\nshow_stack+0x4e/0x61\ndump_stack_lvl+0x4a/0x6f\ndump_stack+0x10/0x18\nubsan_epilogue+0x9/0x3a\n__ubsan_handle_out_of_bounds.cold+0x42/0x47\ngen11_compute_sseu_info+0x121/0x130 [i915]\nintel_sseu_info_init+0x15d/0x2b0 [i915]\nintel_gt_init_mmio+0x23/0x40 [i915]\ni915_driver_mmio_probe+0x129/0x400 [i915]\n? intel_gt_probe_all+0x91/0x2e0 [i915]\ni915_driver_probe+0xe1/0x3f0 [i915]\n? drm_privacy_screen_get+0x16d/0x190 [drm]\n? acpi_dev_found+0x64/0x80\ni915_pci_probe+0xac/0x1b0 [i915]\n...\nAccording to the definition of sseu_dev_info, eu_mask->hsw is limited to\na maximum of GEN_MAX_SS_PER_HSW_SLICE (6) sub-slices, but\ngen11_sseu_info_init() can potentially set 8 sub-slices, in the\n!IS_JSL_EHL(gt->i915) case.\nFix this by reserving up to 8 slots for max_subslices in the eu_mask\nstruct.\n(cherry picked from commit 3cba09a6ac86ea1d456909626eb2685596c07822)" ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2023-11-14T00:00:00Z", "advisory" : "RHSA-2023:7077", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "kernel-0:4.18.0-513.5.1.el8_9" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-11-07T00:00:00Z", "advisory" : "RHSA-2023:6583", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-362.8.1.el9_3" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-11-07T00:00:00Z", "advisory" : "RHSA-2023:6583", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-362.8.1.el9_3" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Out of support scope", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-53112\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53112\nhttps://lore.kernel.org/linux-cve-announce/2025050228-CVE-2023-53112-f86a@gregkh/T" ], "name" : "CVE-2023-53112", "csaw" : false }