5.5

CVE-2026-53142

drm/xe/display: fix oops in suspend/shutdown without display

In the Linux kernel, the following vulnerability has been resolved:

drm/xe/display: fix oops in suspend/shutdown without display

The xe driver keeps track of whether to probe display, and whether
display hardware is there, using xe->info.probe_display. It gets set to
false if there's no display after intel_display_device_probe(). However,
the display may also be disabled via fuses, detected at a later time in
intel_display_device_info_runtime_init().

In this case, the xe driver does for_each_intel_crtc() on uninitialized
mode config in xe_display_flush_cleanup_work(), leading to a NULL
pointer dereference, and generally calls display code with display info
cleared.

Check for intel_display_device_present() after
intel_display_device_info_runtime_init(), and reset
xe->info.probe_display as necessary. Also do unset_display_features()
for completeness, although display runtime init has already done
that. This will need to be unified across all cases later.

Move intel_display_device_info_runtime_init() call slightly earlier,
similar to i915, to avoid a bunch of unnecessary setup for no display
cases.

Note #1: The xe driver has no business doing low level display plumbing
like for_each_intel_crtc() to begin with. It all needs to happen in
display code.

Note #2: The actual bug is present already in commit 44e694958b95
("drm/xe/display: Implement display support"), but the oops was likely
introduced later at commit ddf6492e0e50 ("drm/xe/display: Make display
suspend/resume work on discrete").

(cherry picked from commit 7c3eb9f47533220888a67266448185fd0775d4da)
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 6.8 < 6.12.95
LinuxLinux Kernel Version >= 6.13 < 6.18.36
LinuxLinux Kernel Version >= 6.19 < 7.0.13
LinuxLinux Kernel Version7.1 Updaterc1
LinuxLinux Kernel Version7.1 Updaterc2
LinuxLinux Kernel Version7.1 Updaterc3
LinuxLinux Kernel Version7.1 Updaterc4
LinuxLinux Kernel Version7.1 Updaterc5
LinuxLinux Kernel Version7.1 Updaterc6
LinuxLinux Kernel Version7.1 Updaterc7
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.12% 0.023
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

https://git.kernel.org/stable/c/0f68ddfaaebfbb5581ee931779757d31f4dc9e24
Patch
https://git.kernel.org/stable/c/238bcdaae8f2abc65e182de7d1f69cf8f611a610
Patch
https://git.kernel.org/stable/c/68938cc08e23a94fd881e845837ff918de005ce7
Patch
https://git.kernel.org/stable/c/ddf1fe4c043aa42e46aef87b815d5deeed2fcd7b
Patch