| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025122432-CVE-2023-54018-0a10@gregkh> Date: Wed, 24 Dec 2025 11:57:02 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-54018: drm/msm/hdmi: Add missing check for alloc_ordered_workqueue From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: drm/msm/hdmi: Add missing check for alloc_ordered_workqueue Add check for the return value of alloc_ordered_workqueue as it may return NULL pointer and cause NULL pointer dereference in `hdmi_hdcp.c` and `hdmi_hpd.c`. Patchwork: https://patchwork.freedesktop.org/patch/517211/ The Linux kernel CVE team has assigned CVE-2023-54018 to this issue. Affected and fixed versions =========================== Issue introduced in 4.3 with commit c6a57a50ad562a2e6fc6ac3218b710caea73a58b and fixed in 4.14.308 with commit b479485b24da1d572a0ce875537af31b02d2f915 Issue introduced in 4.3 with commit c6a57a50ad562a2e6fc6ac3218b710caea73a58b and fixed in 4.19.276 with commit 392f7eb3946ab3780b931af723033e19f82c9134 Issue introduced in 4.3 with commit c6a57a50ad562a2e6fc6ac3218b710caea73a58b and fixed in 5.4.235 with commit fc34608fa275fe6b3b17e171b63b8ca3aa1cbf09 Issue introduced in 4.3 with commit c6a57a50ad562a2e6fc6ac3218b710caea73a58b and fixed in 5.10.173 with commit 1bab31a0969ca4ac90907a5d3b44af104229eafd Issue introduced in 4.3 with commit c6a57a50ad562a2e6fc6ac3218b710caea73a58b and fixed in 5.15.99 with commit 9a01ecc312e764ec4527ad49105a3ca799f1860c Issue introduced in 4.3 with commit c6a57a50ad562a2e6fc6ac3218b710caea73a58b and fixed in 6.1.16 with commit e55f93d674314f2fb69eba0dc24acfdf72805611 Issue introduced in 4.3 with commit c6a57a50ad562a2e6fc6ac3218b710caea73a58b and fixed in 6.2.3 with commit ae5ca116a0c0ba9fc4123b1f1ec3c4f4d0d01b3f Issue introduced in 4.3 with commit c6a57a50ad562a2e6fc6ac3218b710caea73a58b and fixed in 6.3 with commit afe4cb96153a0d8003e4e4ebd91b5c543e10df84 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-54018 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/gpu/drm/msm/hdmi/hdmi.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/b479485b24da1d572a0ce875537af31b02d2f915 https://git.kernel.org/stable/c/392f7eb3946ab3780b931af723033e19f82c9134 https://git.kernel.org/stable/c/fc34608fa275fe6b3b17e171b63b8ca3aa1cbf09 https://git.kernel.org/stable/c/1bab31a0969ca4ac90907a5d3b44af104229eafd https://git.kernel.org/stable/c/9a01ecc312e764ec4527ad49105a3ca799f1860c https://git.kernel.org/stable/c/e55f93d674314f2fb69eba0dc24acfdf72805611 https://git.kernel.org/stable/c/ae5ca116a0c0ba9fc4123b1f1ec3c4f4d0d01b3f https://git.kernel.org/stable/c/afe4cb96153a0d8003e4e4ebd91b5c543e10df84
Powered by blists - more mailing lists