From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8DB923BCD3A for ; Fri, 26 Jun 2026 19:42:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=100.103.45.18 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1782502935; cv=none; b=oAfY7RdWvB1GL+hzqzYaLwcwq6wUd29A00xFm0KMgVtejJc7KsEOCzg2liK/l5GsG1fVfKvmnfMlbzeSlhzUolfTPGSdMY7bHj3NmTxZamQDN3eVWiObSd4V89xCadc6smjqeOky2Q5W0jyCDCGt4RX2nJrRk4+O/+td8Ynx9PU= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1782502935; c=relaxed/simple; bh=7FK1E8xA3OM4tCG3g7meZXginHbKa+XmGqcxeqzXxAg=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=d1GQNpNjb0Yqj9KDLQd4CXhv0r6EejA1xfOVAFz38PTk/N1WbUa93PJHckx3/DAveXo1kMi1EjRm51v7/qDK80/Z0Su77c3QKaY0vqpxlYzfCHdRzQnhfHI602P+wZC6w9d+yKl7bGzsbwoaGRLccWF/aCSHdxZpNhDt5rWDVuE= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=PdOC7z9T; arc=none smtp.client-ip=100.103.45.18 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="PdOC7z9T" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 516411F00A3A; Fri, 26 Jun 2026 19:42:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linuxfoundation.org; s=korg; t=1782502933; bh=HoDt32IrBs8YcXnn3HxJerGe2LMRajWL6HWAk5gZiaU=; h=From:To:Cc:Subject:Date:Reply-To; b=PdOC7z9Te5Rlb3E4HbM6WQl2GIJU1WCS8sM1PfFjfj4w9+oXg/adyppmoa1dIr+O4 cHOZ1RH69yhjeYZsij3sWYJB10IunLmEivAKDEINVS4L4SfK+Sjifqk+65ckwTD2s1 /TlYsE3Ey/QeuD00POqG1PmNOzUMo3nfqn/qPczQ= From: Greg Kroah-Hartman To: linux-cve-announce@vger.kernel.org Cc: Greg Kroah-Hartman Subject: CVE-2026-53293: drm/amdgpu: fix AMDGPU_INFO_READ_MMR_REG Date: Fri, 26 Jun 2026 20:40:26 +0100 Message-ID: <2026062617-CVE-2026-53293-e4ad@gregkh> X-Mailer: git-send-email 2.54.0 Reply-To: , Precedence: bulk X-Mailing-List: linux-cve-announce@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=3057; i=gregkh@linuxfoundation.org; h=from:subject:message-id; bh=V6faH6SCnhudnqAYqloi6R48854hsv5gOjQLBEJtPZw=; b=owGbwMvMwCRo6H6F97bub03G02pJDFl2Vxd6xKUffJ/tvG6pn5RWWPD1LWcnRKz6e/h0+027i StmL1ixpSOWhUGQiUFWTJHlyzaeo/srDil6GdqehpnDygQyhIGLUwAm0rSWYcGid91SwmXnLp54 9sPlTbFO14MFR14wLFil/YPvwjmlB5L5Dhdvn6pbffGXlCgA X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp; fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29 Content-Transfer-Encoding: 8bit From: Greg Kroah-Hartman Description =========== In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix AMDGPU_INFO_READ_MMR_REG There were multiple issues in that code. First of all the order between the reset semaphore and the mm_lock was wrong (e.g. copy_to_user) was called while holding the lock. Then we allocated memory while holding the reset semaphore which is also a pretty big bug and can deadlock. Then we used down_read_trylock() instead of waiting for the reset to finish. (cherry picked from commit 361b6e6b303d4b691f6c5974d3eaab67ca6dd90e) The Linux kernel CVE team has assigned CVE-2026-53293 to this issue. Affected and fixed versions =========================== Issue introduced in 6.6.55 with commit 8361e3f7882876d98ba98cae0d3149450dd80912 and fixed in 6.6.141 with commit 8c4254c8f5836e77ae83e7fc037f02b69f7a0977 Issue introduced in 6.12 with commit 9e823f307074c0f82b5f6044943b0086e3079bed and fixed in 6.12.91 with commit 61957c2e467b39b528a290016367d32a433fa846 Issue introduced in 6.12 with commit 9e823f307074c0f82b5f6044943b0086e3079bed and fixed in 6.18.33 with commit a31c3feb54b15a90232e497ad0e27e8a82052d8d Issue introduced in 6.12 with commit 9e823f307074c0f82b5f6044943b0086e3079bed and fixed in 7.0.10 with commit 5c29d20470d4566d1b68df57097d642d01f8b427 Issue introduced in 6.12 with commit 9e823f307074c0f82b5f6044943b0086e3079bed and fixed in 7.1 with commit 0ef196a208385b7d7da79f411c161b04e97283e2 Issue introduced in 6.10.14 with commit 17a98c942cb106ec08564e8f43b5470a4dd5d3f6 Issue introduced in 6.11.3 with commit 9a98563345697bdb1d3410ff428473b2e781f4db Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2026-53293 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/8c4254c8f5836e77ae83e7fc037f02b69f7a0977 https://git.kernel.org/stable/c/61957c2e467b39b528a290016367d32a433fa846 https://git.kernel.org/stable/c/a31c3feb54b15a90232e497ad0e27e8a82052d8d https://git.kernel.org/stable/c/5c29d20470d4566d1b68df57097d642d01f8b427 https://git.kernel.org/stable/c/0ef196a208385b7d7da79f411c161b04e97283e2