Re: CVE-2024-46808: drm/amd/display: Add missing NULL pointer check within dpcd_extend_address_range
From: Michal Koutný
Date: Mon Sep 30 2024 - 14:58:55 EST
Hello.
On Fri, Sep 27, 2024 at 02:36:13PM GMT, Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
> In the Linux kernel, the following vulnerability has been resolved:
>
> drm/amd/display: Add missing NULL pointer check within dpcd_extend_address_range
>
> [Why & How]
> ASSERT if return NULL from kcalloc.
>
> The Linux kernel CVE team has assigned CVE-2024-46808 to this issue.
This is not a good CVE fix since it'd bring the system down for users
with panic_on_warn=1 anyway. (I wasn't able to `make
drivers/gpu/drm/amd/display/dc/link/protocols/link_dpcd.i` but I assume
the ASSERTs expand to one of the WARN_ONs, feel free to correct me.)
It'd need graceful handling of the kcalloc failure.
Michal
Attachment:
signature.asc
Description: PGP signature