Message-ID: <2024062138-CVE-2024-38390-395e@gregkh>
Date: Fri, 21 Jun 2024 12:19:45 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2024-38390: drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails

Calling a6xx_destroy() before adreno_gpu_init() leads to a null pointer
dereference on:

msm_gpu_cleanup() : platform_set_drvdata(gpu->pdev, NULL);

as gpu->pdev is only assigned in:

a6xx_gpu_init()
|_ adreno_gpu_init
    |_ msm_gpu_init()

Instead of relying on handwavy null checks down the cleanup chain,
explicitly de-allocate the LLC data and free a6xx_gpu instead.

Patchwork: https://patchwork.freedesktop.org/patch/588919/

The Linux kernel CVE team has assigned CVE-2024-38390 to this issue.
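
The error-path ordering described above, as a userspace C model added here for illustration (not code from the kernel or from this advisory). All struct and function names are hypothetical stand-ins, and the counter replaces the crash so both paths can be compared.

```c
#include <stdlib.h>

/* Userspace model; every name here is a hypothetical stand-in. */
struct pdev { void *drvdata; };
struct gpu  { struct pdev *pdev; void *llc; };
static int null_derefs;  /* accesses that would oops in the kernel */

/* Full destroy chain: its last step goes through gpu->pdev. */
static void full_destroy(struct gpu *g)
{
    if (g->pdev)
        g->pdev->drvdata = NULL;
    else
        null_derefs++;  /* instrumentation: the kernel dereferences here */
    free(g->llc);
    free(g);
}

/* speedbin_ok == 0 models the speedbin step failing before base init. */
static struct gpu *gpu_init(struct pdev *pdev, int speedbin_ok, int fixed)
{
    struct gpu *g = calloc(1, sizeof(*g));
    if (!g)
        return NULL;
    g->llc = malloc(16);             /* early allocation (LLC data) */
    if (!speedbin_ok) {
        if (fixed) {                 /* undo only what exists so far */
            free(g->llc);
            free(g);
        } else {
            full_destroy(g);         /* gpu->pdev is still NULL */
        }
        return NULL;
    }
    g->pdev = pdev;                  /* base init: pdev first assigned */
    pdev->drvdata = g;
    return g;
}

/* Run the failing init path once; return the NULL accesses it hit. */
static int failing_path_null_derefs(int fixed)
{
    struct pdev pd = { 0 };
    null_derefs = 0;
    gpu_init(&pd, 0, fixed);
    return null_derefs;
}

int main(void) { return failing_path_null_derefs(1); } /* 0 = clean */
```

The old path records one NULL access because the full destroy chain runs before `pdev` is assigned; the fixed path frees only the two early allocations and records none.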


Affected and fixed versions
===========================

	Issue introduced in 6.1 with commit 76efc2453d0e and fixed in 6.1.93 with commit 247849eeb3fd
	Issue introduced in 6.1 with commit 76efc2453d0e and fixed in 6.6.33 with commit a1955a6df913
	Issue introduced in 6.1 with commit 76efc2453d0e and fixed in 6.9.4 with commit 617e3d168050
	Issue introduced in 6.1 with commit 76efc2453d0e and fixed in 6.10-rc1 with commit 46d4efcccc68
	Issue introduced in 6.0.10 with commit 5fea4202b5fa

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-38390
will be updated if fixes are backported; please check that for the most
up-to-date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	drivers/gpu/drm/msm/adreno/a6xx_gpu.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If, however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/247849eeb3fd88f8990ed73e33af70d5c10f9aec
	https://git.kernel.org/stable/c/a1955a6df91355fef72a3a254700acd3cc1fec0d
	https://git.kernel.org/stable/c/617e3d1680504a3f9d88e1582892c68be155498f
	https://git.kernel.org/stable/c/46d4efcccc688cbacdd70a238bedca510acaa8e4
