Re: CVE-2024-42308: drm/amd/display: Check for NULL pointer

From: Siddh Raman Pant
Date: Mon Oct 07 2024 - 07:02:16 EST


On Sat, 17 Aug 2024 11:10:13 +0200, Greg Kroah-Hartman wrote:
> In the Linux kernel, the following vulnerability has been resolved:
>
> drm/amd/display: Check for NULL pointer
>
> [why & how]
> Need to make sure plane_state is initialized
> before accessing its members.
>
> (cherry picked from commit 295d91cbc700651782a60572f83c24861607b648)
>
> The Linux kernel CVE team has assigned CVE-2024-42308 to this issue.

This commit is no-op / doesn't make any difference, as there is an
implicit NULL check rigth above it, as plane_state cannot be NULL
(checked at the start of function).

So this CVE should be invalid.

> Affected and fixed versions
> ===========================
>
> Fixed in 6.1.103 with commit f068494430d1
> Fixed in 6.6.44 with commit 4ccd37085976
> Fixed in 6.10.3 with commit 185616085b12
> Fixed in 6.11-rc1 with commit 4ab68e168ae1

This also got backported to older kernels.

Thanks,
Siddh

Attachment: signature.asc
Description: This is a digitally signed message part