| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025022652-CVE-2021-47659-ba18@gregkh> Date: Wed, 26 Feb 2025 03:04:53 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2021-47659: drm/plane: Move range check for format_count earlier Description =========== In the Linux kernel, the following vulnerability has been resolved: drm/plane: Move range check for format_count earlier While the check for format_count > 64 in __drm_universal_plane_init() shouldn't be hit (it's a WARN_ON), in its current position it will then leak the plane->format_types array and fail to call drm_mode_object_unregister() leaking the modeset identifier. Move it to the start of the function to avoid allocating those resources in the first place. The Linux kernel CVE team has assigned CVE-2021-47659 to this issue. Affected and fixed versions =========================== Fixed in 4.19.247 with commit 4ab7e453a3ee88c274cf97bee9487ab92a66d313 Fixed in 5.4.198 with commit 1e29d829ad51d1472dd035487953a6724b56fc33 Fixed in 5.10.121 with commit b5cd108143513e4498027b96ec4710702d186f11 Fixed in 5.15.46 with commit 978e3d023256bfaf34a0033d40c94e8a8e70cf3c Fixed in 5.17.14 with commit 787163d19bc3cdc6ca4b96223f62208534d1cf6b Fixed in 5.18.3 with commit ad6dd7a2bac86118985c7b3426e175b9d3c1ec4f Fixed in 5.19 with commit 4b674dd69701c2e22e8e7770c1706a69f3b17269 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2021-47659 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/gpu/drm/drm_plane.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/4ab7e453a3ee88c274cf97bee9487ab92a66d313 https://git.kernel.org/stable/c/1e29d829ad51d1472dd035487953a6724b56fc33 https://git.kernel.org/stable/c/b5cd108143513e4498027b96ec4710702d186f11 https://git.kernel.org/stable/c/978e3d023256bfaf34a0033d40c94e8a8e70cf3c https://git.kernel.org/stable/c/787163d19bc3cdc6ca4b96223f62208534d1cf6b https://git.kernel.org/stable/c/ad6dd7a2bac86118985c7b3426e175b9d3c1ec4f https://git.kernel.org/stable/c/4b674dd69701c2e22e8e7770c1706a69f3b17269
Powered by blists - more mailing lists