| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025122417-CVE-2023-54122-b6f8@gregkh> Date: Wed, 24 Dec 2025 14:07:19 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-54122: drm/msm/dpu: Add check for cstate From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add check for cstate As kzalloc may fail and return NULL pointer, it should be better to check cstate in order to avoid the NULL pointer dereference in __drm_atomic_helper_crtc_reset. Patchwork: https://patchwork.freedesktop.org/patch/514163/ The Linux kernel CVE team has assigned CVE-2023-54122 to this issue. Affected and fixed versions =========================== Issue introduced in 5.3 with commit 1cff7440a86e04a613665803b42034c467f035fa and fixed in 5.4.235 with commit a6afb8293ec0932f4ed0b7aecfc0ccc00f44dc2b Issue introduced in 5.3 with commit 1cff7440a86e04a613665803b42034c467f035fa and fixed in 5.10.173 with commit 31f2f8de0ea7387cde18a24f94ba5e0b886b9842 Issue introduced in 5.3 with commit 1cff7440a86e04a613665803b42034c467f035fa and fixed in 5.15.99 with commit d4ba50614cb3f0686bbdb505af685d78e75861dc Issue introduced in 5.3 with commit 1cff7440a86e04a613665803b42034c467f035fa and fixed in 6.1.16 with commit 42442d42c57b9fbc35cb5ef72c7e5347c5f7d082 Issue introduced in 5.3 with commit 1cff7440a86e04a613665803b42034c467f035fa and fixed in 6.2.3 with commit a52e5a002d18bffabff66f6f59a74f8e9aac5afe Issue introduced in 5.3 with commit 1cff7440a86e04a613665803b42034c467f035fa and fixed in 6.3 with commit c96988b7d99327bb08bd9efd29a203b22cd88ace Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-54122 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/a6afb8293ec0932f4ed0b7aecfc0ccc00f44dc2b https://git.kernel.org/stable/c/31f2f8de0ea7387cde18a24f94ba5e0b886b9842 https://git.kernel.org/stable/c/d4ba50614cb3f0686bbdb505af685d78e75861dc https://git.kernel.org/stable/c/42442d42c57b9fbc35cb5ef72c7e5347c5f7d082 https://git.kernel.org/stable/c/a52e5a002d18bffabff66f6f59a74f8e9aac5afe https://git.kernel.org/stable/c/c96988b7d99327bb08bd9efd29a203b22cd88ace
Powered by blists - more mailing lists