{"id":"AZL-54068","summary":"CVE-2024-50177 affecting package kernel 5.15.200.1-1","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fix a UBSAN warning in DML2.1\n\nWhen programming phantom pipe, since cursor_width is explicity set to 0,\nthis causes calculation logic to trigger overflow for an unsigned int\ntriggering the kernel's UBSAN check as below:\n\n[   40.962845] UBSAN: shift-out-of-bounds in /tmp/amd.EfpumTkO/amd/amdgpu/../display/dc/dml2/dml21/src/dml2_core/dml2_core_dcn4_calcs.c:3312:34\n[   40.962849] shift exponent 4294967170 is too large for 32-bit type 'unsigned int'\n[   40.962852] CPU: 1 PID: 1670 Comm: gnome-shell Tainted: G        W  OE      6.5.0-41-generic #41~22.04.2-Ubuntu\n[   40.962854] Hardware name: Gigabyte Technology Co., Ltd. X670E AORUS PRO X/X670E AORUS PRO X, BIOS F21 01/10/2024\n[   40.962856] Call Trace:\n[   40.962857]  \u003cTASK\u003e\n[   40.962860]  dump_stack_lvl+0x48/0x70\n[   40.962870]  dump_stack+0x10/0x20\n[   40.962872]  __ubsan_handle_shift_out_of_bounds+0x1ac/0x360\n[   40.962878]  calculate_cursor_req_attributes.cold+0x1b/0x28 [amdgpu]\n[   40.963099]  dml_core_mode_support+0x6b91/0x16bc0 [amdgpu]\n[   40.963327]  ? srso_alias_return_thunk+0x5/0x7f\n[   40.963331]  ? CalculateWatermarksMALLUseAndDRAMSpeedChangeSupport+0x18b8/0x2790 [amdgpu]\n[   40.963534]  ? srso_alias_return_thunk+0x5/0x7f\n[   40.963536]  ? dml_core_mode_support+0xb3db/0x16bc0 [amdgpu]\n[   40.963730]  dml2_core_calcs_mode_support_ex+0x2c/0x90 [amdgpu]\n[   40.963906]  ? srso_alias_return_thunk+0x5/0x7f\n[   40.963909]  ? dml2_core_calcs_mode_support_ex+0x2c/0x90 [amdgpu]\n[   40.964078]  core_dcn4_mode_support+0x72/0xbf0 [amdgpu]\n[   40.964247]  dml2_top_optimization_perform_optimization_phase+0x1d3/0x2a0 [amdgpu]\n[   40.964420]  dml2_build_mode_programming+0x23d/0x750 [amdgpu]\n[   40.964587]  dml21_validate+0x274/0x770 [amdgpu]\n[   40.964761]  ? srso_alias_return_thunk+0x5/0x7f\n[   40.964763]  ? resource_append_dpp_pipes_for_plane_composition+0x27c/0x3b0 [amdgpu]\n[   40.964942]  dml2_validate+0x504/0x750 [amdgpu]\n[   40.965117]  ? dml21_copy+0x95/0xb0 [amdgpu]\n[   40.965291]  ? srso_alias_return_thunk+0x5/0x7f\n[   40.965295]  dcn401_validate_bandwidth+0x4e/0x70 [amdgpu]\n[   40.965491]  update_planes_and_stream_state+0x38d/0x5c0 [amdgpu]\n[   40.965672]  update_planes_and_stream_v3+0x52/0x1e0 [amdgpu]\n[   40.965845]  ? srso_alias_return_thunk+0x5/0x7f\n[   40.965849]  dc_update_planes_and_stream+0x71/0xb0 [amdgpu]\n\nFix this by adding a guard for checking cursor width before triggering\nthe size calculation.","modified":"2026-04-01T05:18:11.266463Z","published":"2024-11-08T06:15:15Z","upstream":["CVE-2024-50177"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50177"}],"affected":[{"package":{"name":"kernel","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/kernel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"5.15.200.1-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-54068.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}