| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024061950-CVE-2024-38548-29a5@gregkh> Date: Wed, 19 Jun 2024 15:35:57 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-38548: drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference Description =========== In the Linux kernel, the following vulnerability has been resolved: drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference In cdns_mhdp_atomic_enable(), the return value of drm_mode_duplicate() is assigned to mhdp_state->current_mode, and there is a dereference of it in drm_mode_set_name(), which will lead to a NULL pointer dereference on failure of drm_mode_duplicate(). Fix this bug add a check of mhdp_state->current_mode. The Linux kernel CVE team has assigned CVE-2024-38548 to this issue. Affected and fixed versions =========================== Issue introduced in 5.10 with commit fb43aa0acdfd and fixed in 5.10.219 with commit 85d1a27402f8 Issue introduced in 5.10 with commit fb43aa0acdfd and fixed in 5.15.161 with commit 89788cd9824c Issue introduced in 5.10 with commit fb43aa0acdfd and fixed in 6.1.93 with commit ca53b7efd4ba Issue introduced in 5.10 with commit fb43aa0acdfd and fixed in 6.6.33 with commit dcf53e6103b2 Issue introduced in 5.10 with commit fb43aa0acdfd and fixed in 6.8.12 with commit 32fb2ef124c3 Issue introduced in 5.10 with commit fb43aa0acdfd and fixed in 6.9.3 with commit 47889711da20 Issue introduced in 5.10 with commit fb43aa0acdfd and fixed in 6.10-rc1 with commit 935a92a1c400 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-38548 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-core.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/85d1a27402f81f2e04b0e67d20f749c2a14edbb3 https://git.kernel.org/stable/c/89788cd9824c28ffcdea40232c458233353d1896 https://git.kernel.org/stable/c/ca53b7efd4ba6ae92fd2b3085cb099c745e96965 https://git.kernel.org/stable/c/dcf53e6103b26e7458be71491d0641f49fbd5840 https://git.kernel.org/stable/c/32fb2ef124c3301656ac6c789a2ef35ef69a66da https://git.kernel.org/stable/c/47889711da20be9b43e1e136e5cb68df37cbcc79 https://git.kernel.org/stable/c/935a92a1c400285545198ca2800a4c6c519c650a
Powered by blists - more mailing lists