Message-ID: <2024120351-slighted-canary-12a2@gregkh>
Date: Tue, 3 Dec 2024 09:50:02 +0100
From: Greg KH <gregkh@...uxfoundation.org>
To: Zhang Zekun <zhangzekun11@...wei.com>
Cc: cve@...nel.org, linux-cve-announce@...r.kernel.org,
	stable@...r.kernel.org, kevinyang.wang@....com,
	alexander.deucher@....com, liuyongqiang13@...wei.com
Subject: Re: Possible wrong fix patch for some stable branches

On Tue, Dec 03, 2024 at 10:06:51AM +0800, Zhang Zekun wrote:
> Hi, All
> 
> The mainline patch to fix CVE-2024-50282 adds a check to fix a potential buffer overflow issue in amdgpu_debugfs_gprwave_read() which is introduced in commit 553f973a0d7b ("drm/amd/amdgpu: Update debugfs for XCC support (v3)"), but some linux-stable fix patches add the check in some other functions, is something wrong here?
> 
> Stable versions which contain the suspicious patches:
> Fixed in 4.19.324 with commit 673bdb4200c0: Fixed in amdgpu_debugfs_regs_smc_read()
> Fixed in 5.4.286 with commit 7ccd781794d2: Fixed in amdgpu_debugfs_regs_smc_read()
> Fixed in 5.10.230 with commit 17f5f18085ac: Fixed in amdgpu_debugfs_regs_pcie_write()
> Fixed in 5.15.172 with commit aaf6160a4b7f: Fixed in amdgpu_debugfs_regs_didt_write()
> Fixed in 6.1.117 with commit 25d7e84343e1: Fixed in amdgpu_debugfs_regs_pcie_write()
> 
> Link to mainline fix patch:
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4d75b9468021c73108b4439794d69e892b1d24e3

If this is incorrect, can you send patches fixing this up?

thanks,

greg k-h
