| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025122424-CVE-2023-53991-037d@gregkh> Date: Wed, 24 Dec 2025 11:56:35 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-53991: drm/msm/dpu: Disallow unallocated resources to be returned From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Disallow unallocated resources to be returned In the event that the topology requests resources that have not been created by the system (because they are typically not represented in dpu_mdss_cfg ^1), the resource(s) in global_state (in this case DSC blocks, until their allocation/assignment is being sanity-checked in "drm/msm/dpu: Reject topologies for which no DSC blocks are available") remain NULL but will still be returned out of dpu_rm_get_assigned_resources, where the caller expects to get an array containing num_blks valid pointers (but instead gets these NULLs). To prevent this from happening, where null-pointer dereferences typically result in a hard-to-debug platform lockup, num_blks shouldn't increase past NULL blocks and will print an error and break instead. After all, max_blks represents the static size of the maximum number of blocks whereas the actual amount varies per platform. ^1: which can happen after a git rebase ended up moving additions to _dpu_cfg to a different struct which has the same patch context. Patchwork: https://patchwork.freedesktop.org/patch/517636/ The Linux kernel CVE team has assigned CVE-2023-53991 to this issue. Affected and fixed versions =========================== Issue introduced in 5.7 with commit bb00a452d6f77391441ef7df48f7115dd459cd2f and fixed in 5.10.173 with commit 8dbd54d679e3ab37be43bc1ed9f463dbf83a2259 Issue introduced in 5.7 with commit bb00a452d6f77391441ef7df48f7115dd459cd2f and fixed in 5.15.99 with commit bf661c5e3bc48973acb363c76e3db965d9ed26d0 Issue introduced in 5.7 with commit bb00a452d6f77391441ef7df48f7115dd459cd2f and fixed in 6.1.16 with commit 9e1e236acdc42b5c43ec8d7f03a39537e70cc309 Issue introduced in 5.7 with commit bb00a452d6f77391441ef7df48f7115dd459cd2f and fixed in 6.2.3 with commit 9fe3644c720ac87d150f0bba5a4ae86cae55afaf Issue introduced in 5.7 with commit bb00a452d6f77391441ef7df48f7115dd459cd2f and fixed in 6.3 with commit abc40122d9a69f56c04efb5a7485795f5ac799d1 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-53991 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/gpu/drm/msm/disp/dpu1/dpu_rm.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/8dbd54d679e3ab37be43bc1ed9f463dbf83a2259 https://git.kernel.org/stable/c/bf661c5e3bc48973acb363c76e3db965d9ed26d0 https://git.kernel.org/stable/c/9e1e236acdc42b5c43ec8d7f03a39537e70cc309 https://git.kernel.org/stable/c/9fe3644c720ac87d150f0bba5a4ae86cae55afaf https://git.kernel.org/stable/c/abc40122d9a69f56c04efb5a7485795f5ac799d1
Powered by blists - more mailing lists