lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <2024102118-CVE-2024-49890-ba65@gregkh>
Date: Mon, 21 Oct 2024 20:01:38 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2024-49890: drm/amd/pm: ensure the fw_info is not null before using it

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/pm: ensure the fw_info is not null before using it

This resolves the dereference null return value warning
reported by Coverity.

The Linux kernel CVE team has assigned CVE-2024-49890 to this issue.


Affected and fixed versions
===========================

	Fixed in 5.10.227 with commit 29f388945770
	Fixed in 5.15.168 with commit 9550d8d6f19f
	Fixed in 6.1.113 with commit fd5f4ac1a986
	Fixed in 6.6.55 with commit b511474f4958
	Fixed in 6.10.14 with commit 8adf4408d482
	Fixed in 6.11.3 with commit 016bf0294b40
	Fixed in 6.12-rc1 with commit 186fb12e7a7b

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-49890
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	drivers/gpu/drm/amd/pm/powerplay/hwmgr/processpptables.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/29f388945770bd0a6c82711436b2bc98b0dfac92
	https://git.kernel.org/stable/c/9550d8d6f19fac7623f044ae8d9503825b325497
	https://git.kernel.org/stable/c/fd5f4ac1a986f0e7e9fa019201b5890554f87bcf
	https://git.kernel.org/stable/c/b511474f49588cdca355ebfce54e7eddbf7b75a5
	https://git.kernel.org/stable/c/8adf4408d482faa51b2c14e60bfd9946ec1911a4
	https://git.kernel.org/stable/c/016bf0294b401246471c6710c6bf9251616228b6
	https://git.kernel.org/stable/c/186fb12e7a7b038c2710ceb2fb74068f1b5d55a4

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ