Re: CVE-2024-39471: drm/amdgpu: add error handle to avoid out-of-bounds
From: Siddh Raman Pant
Date: Wed Jul 24 2024 - 06:24:43 EST
(Mail V2: Send to correct mailing list and CCing relevant people.)
On Tue, 25 Jun 2024 16:29:04 +0200, Greg Kroah-Hartman wrote:
> In the Linux kernel, the following vulnerability has been resolved:
>
> drm/amdgpu: add error handle to avoid out-of-bounds
>
> if the sdma_v4_0_irq_id_to_seq return -EINVAL, the process should
> be stop to avoid out-of-bounds read, so directly return -EINVAL.
>
> The Linux kernel CVE team has assigned CVE-2024-39471 to this issue.
This commit has a bug which was fixed by 6769a23697f1. It should be
immediately backported, otherwise this "fix" doesn't do anything since
gcc will optimise out the check.
Thanks,
Siddh
Attachment:
signature.asc
Description: This is a digitally signed message part