Bug 1224780 (CVE-2024-35906)

Summary: VUL-0: REJECTED: CVE-2024-35906: kernel: drm/amd/display: Send DTBCLK disable message on first commit
Product: [Novell Products] SUSE Security Incidents
Reporter: SMASH SMASH <smash_bz>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED INVALID
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: andrea.mattiazzo, jlee, mhocko, tzimmermann, vbabka
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/406595/
Whiteboard: CVSSv3.1:SUSE:CVE-2024-35906:0.0:(AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N)
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Bug Depends on:
Bug Blocks: 1224779

Description SMASH SMASH 2024-05-21 08:11:15 UTC
In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Send DTBCLK disable message on first commit

[Why]
Previous patch to allow DTBCLK disable didn't address boot case. Driver
thinks DTBCLK is disabled by default, so we don't send disable message to
PMFW. DTBCLK is then enabled at idle desktop on boot, burning power.

[How]
Set dtbclk_en to true on boot so that disable message is sent during first
commit.

References:
https://git.kernel.org/stable/c/0dab75b433ed2480d57ae4f8f725186a46223e42
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-35906
https://www.cve.org/CVERecord?id=CVE-2024-35906
https://git.kernel.org/stable/c/f341055b10bd8be55c3c995dff5f770b236b8ca9
https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2024/CVE-2024-35906.mbox

Comment 1 Michal Hocko 2024-05-21 08:25:08 UTC
This one has a follow-up asking to revert this exact commit CVE-2024-35881.

Comment 4 Joey Lee 2024-05-21 10:35:37 UTC
https://www.suse.com/security/cve/CVE-2024-35906.html
cvss 0

Comment 5 Michal Hocko 2024-05-21 16:22:00 UTC
This patch has caused a regression. Let's close as invalid.

Comment 6 Andrea Mattiazzo 2024-05-22 08:28:40 UTC
Closing as already fixed since fix 25358e04a43c that addresses the issue is already applied to SLE15-SP6 and ALP-current.