Bug 1224780 (CVE-2024-35906) - VUL-0: REJECTED: CVE-2024-35906: kernel: drm/amd/display: Send DTBCLK disable message on first commit
Summary: VUL-0: REJECTED: CVE-2024-35906: kernel: drm/amd/display: Send DTBCLK disable...
Status: RESOLVED INVALID
Alias: CVE-2024-35906
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/406595/
Whiteboard: CVSSv3.1:SUSE:CVE-2024-35906:0.0:(AV:...
Keywords:
Depends on:
Blocks: CVE-2024-35881
  Show dependency treegraph
 
Reported: 2024-05-21 08:11 UTC by SMASH SMASH
Modified: 2024-05-24 14:55 UTC (History)
5 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description SMASH SMASH 2024-05-21 08:11:15 UTC 
In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Send DTBCLK disable message on first commit

[Why]
Previous patch to allow DTBCLK disable didn't address boot case. Driver
thinks DTBCLK is disabled by default, so we don't send disable message to
PMFW. DTBCLK is then enabled at idle desktop on boot, burning power.

[How]
Set dtbclk_en to true on boot so that disable message is sent during first
commit.

References:
https://git.kernel.org/stable/c/0dab75b433ed2480d57ae4f8f725186a46223e42
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-35906
https://www.cve.org/CVERecord?id=CVE-2024-35906
https://git.kernel.org/stable/c/f341055b10bd8be55c3c995dff5f770b236b8ca9
https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2024/CVE-2024-35906.mbox
Comment 1 Michal Hocko 2024-05-21 08:25:08 UTC 
This one has a follow up asking to revert this exact commit CVE-2024-35881.
Comment 4 Joey Lee 2024-05-21 10:35:37 UTC 
https://www.suse.com/security/cve/CVE-2024-35906.html
cvss 0
Comment 5 Michal Hocko 2024-05-21 16:22:00 UTC 
This patch has caused a regression. Let's close as invalid.
Comment 6 Andrea Mattiazzo 2024-05-22 08:28:40 UTC 
Closing as already fixed since fix 25358e04a43c that address the issue is already applied to SLE15-SP6 and ALP-current