| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024073024-CVE-2024-42121-2b28@gregkh> Date: Tue, 30 Jul 2024 09:47:39 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-42121: drm/amd/display: Check index msg_id before read or write Description =========== In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check index msg_id before read or write [WHAT] msg_id is used as an array index and it cannot be a negative value, and therefore cannot be equal to MOD_HDCP_MESSAGE_ID_INVALID (-1). [HOW] Check whether msg_id is valid before reading and setting. This fixes 4 OVERRUN issues reported by Coverity. The Linux kernel CVE team has assigned CVE-2024-42121 to this issue. Affected and fixed versions =========================== Fixed in 5.10.222 with commit b5b8837d066c Fixed in 5.15.163 with commit fbb0701af973 Fixed in 6.1.98 with commit ae91ffbc8b8d Fixed in 6.6.39 with commit 9933eca6ada0 Fixed in 6.9.9 with commit a31ea49dc806 Fixed in 6.10 with commit 59d99deb330a Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-42121 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/b5b8837d066cc182ff69fb5629ad32ade5484567 https://git.kernel.org/stable/c/fbb0701af9734cff13917a4b98b5ee9da2fde48d https://git.kernel.org/stable/c/ae91ffbc8b8d942e3e7f188728cad557b7ed5ee4 https://git.kernel.org/stable/c/9933eca6ada0cd612e19522e7a319bcef464c0eb https://git.kernel.org/stable/c/a31ea49dc8064a557565725cf045944307476a6e https://git.kernel.org/stable/c/59d99deb330af206a4541db0c4da8f73880fba03
Powered by blists - more mailing lists