CVE-2025-38080
drm/amd/display: Increase block_sequence array size
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
drm/amd/display: Increase block_sequence array size
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Increase block_sequence array size [Why] It's possible to generate more than 50 steps in hwss_build_fast_sequence, for example with a 6-pipe asic where all pipes are in one MPC chain. This overflows the block_sequence buffer and corrupts block_sequence_steps, causing a crash. [How] Expand block_sequence to 100 items. A naive upper bound on the possible number of steps for a 6-pipe asic, ignoring the potential for steps to be mutually exclusive, is 91 with current code, therefore 100 is sufficient.
Reserved 2025-04-16 | Published 2025-06-18 | Updated 2025-06-18 | Assigner Linuxgit.kernel.org/...c/de67e80ab48f1f23663831007a2fa3c1471a7757
git.kernel.org/...c/e55c5704b12eeea27e212bfab8f7e51ad3e8ac1f
git.kernel.org/...c/bf1666072e7482317cf2302621766482a21a62c7
git.kernel.org/...c/3a7810c212bcf2f722671dadf4b23ff70a7d23ee
Support options
