Re: CVE-2024-46808: drm/amd/display: Add missing NULL pointer check within dpcd_extend_address_range

From: Michal Koutný
Date: Mon Sep 30 2024 - 14:58:55 EST

Next message: Tom Lendacky: "Re: [PATCH v3 3/8] x86/sev: Require the RMPREAD instruction after Fam19h"
Previous message: Steven Rostedt: "Re: [PATCH v14 04/19] function_graph: Replace fgraph_ret_regs with ftrace_regs"
Next in thread: Greg Kroah-Hartman: "Re: CVE-2024-46808: drm/amd/display: Add missing NULL pointer check within dpcd_extend_address_range"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello.

On Fri, Sep 27, 2024 at 02:36:13PM GMT, Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
> In the Linux kernel, the following vulnerability has been resolved:
>
> drm/amd/display: Add missing NULL pointer check within dpcd_extend_address_range
>
> [Why & How]
> ASSERT if return NULL from kcalloc.
>
> The Linux kernel CVE team has assigned CVE-2024-46808 to this issue.

This is not a good CVE fix since it'd bring the system down for users
with panic_on_warn=1 anyway. (I wasn't able to `make
drivers/gpu/drm/amd/display/dc/link/protocols/link_dpcd.i` but I assume
the ASSERTs expand to one of the WARN_ONs, feel free to correct me.)

It'd need graceful handling of the kcalloc failure.

Michal

Attachment: signature.asc
Description: PGP signature

Next message: Tom Lendacky: "Re: [PATCH v3 3/8] x86/sev: Require the RMPREAD instruction after Fam19h"
Previous message: Steven Rostedt: "Re: [PATCH v14 04/19] function_graph: Replace fgraph_ret_regs with ftrace_regs"
Next in thread: Greg Kroah-Hartman: "Re: CVE-2024-46808: drm/amd/display: Add missing NULL pointer check within dpcd_extend_address_range"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]