lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <2024090829-mutt-remold-6d2c@gregkh>
Date: Sun, 8 Sep 2024 14:59:48 +0200
From: Greg KH <gregkh@...uxfoundation.org>
To: Alex Deucher <alexdeucher@...il.com>
Cc: Mukul Sikka <mukul.sikka@...adcom.com>, stable@...r.kernel.org,
	evan.quan@....com, alexander.deucher@....com,
	christian.koenig@....com, airlied@...ux.ie, daniel@...ll.ch,
	Jun.Ma2@....com, kevinyang.wang@....com, sashal@...nel.org,
	amd-gfx@...ts.freedesktop.org, dri-devel@...ts.freedesktop.org,
	linux-kernel@...r.kernel.org, ajay.kaher@...adcom.com,
	alexey.makhalov@...adcom.com, vasavi.sirnapalli@...adcom.com,
	Bob Zhou <bob.zhou@....com>, Tim Huang <Tim.Huang@....com>
Subject: Re: [PATCH v5.15-v5.10] drm/amd/pm: Fix the null pointer dereference
 for vega10_hwmgr

On Fri, Sep 06, 2024 at 11:02:32AM -0400, Alex Deucher wrote:
> On Fri, Sep 6, 2024 at 4:50 AM Mukul Sikka <mukul.sikka@...adcom.com> wrote:
> >
> > On Fri, Sep 6, 2024 at 12:05 AM Alex Deucher <alexdeucher@...il.com> wrote:
> > >
> > > On Tue, Sep 3, 2024 at 5:53 AM sikkamukul <mukul.sikka@...adcom.com> wrote:
> > > >
> > > > From: Bob Zhou <bob.zhou@....com>
> > > >
> > > > [ Upstream commit 50151b7f1c79a09117837eb95b76c2de76841dab ]
> > > >
> > > > Check return value and conduct null pointer handling to avoid null pointer dereference.
> > > >
> > > > Signed-off-by: Bob Zhou <bob.zhou@....com>
> > > > Reviewed-by: Tim Huang <Tim.Huang@....com>
> > > > Signed-off-by: Alex Deucher <alexander.deucher@....com>
> > > > Signed-off-by: Sasha Levin <sashal@...nel.org>
> > > > Signed-off-by: Mukul Sikka <mukul.sikka@...adcom.com>
> > >
> > > Just out of curiosity, are you actually seeing an issue?  This and a
> > > lot of the other recent NULL check patches are just static checker
> > > fixes.  They don't actually fix a known issue.
> > >
> > No, according to the description of this patch and CVE-2024-43905.
> > It seems to be applicable to LTS.
> 
> I don't know that this is really CVE material, but oh well.  I'm not
> sure if it's actually possible to hit this in practice.

If it's not possible, there's no need to add the check.

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ