Deadlock Affecting kernel-kdump package, versions *


Severity

Recommended
low

Based on CentOS security rating.

Threat Intelligence

EPSS
0.04% (11th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-CENTOS6-KERNELKDUMP-6352189
  • published1 Mar 2024
  • disclosed29 Feb 2024

Introduced: 29 Feb 2024

CVE-2023-52485  (opens in a new tab)
CWE-833  (opens in a new tab)

How to fix?

There is no fixed version for Centos:6 kernel-kdump.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-kdump package and not the kernel-kdump package as distributed by Centos. See How to fix? for Centos:6 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Wake DMCUB before sending a command

[Why] We can hang in place trying to send commands when the DMCUB isn't powered on.

[How] For functions that execute within a DC context or DC lock we can wrap the direct calls to dm_execute_dmub_cmd/list with code that exits idle power optimizations and reallows once we're done with the command submission on success.

For DM direct submissions the DM will need to manage the enter/exit sequencing manually.

We cannot invoke a DMCUB command directly within the DM execution helper or we can deadlock.

CVSS Scores

version 3.1