| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024093053-womanly-groom-a59b@gregkh> Date: Mon, 30 Sep 2024 21:09:18 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: Michal Koutný <mkoutny@...e.com> Cc: cve@...nel.org, linux-kernel@...r.kernel.org, Tom Chung <chiahsuan.chung@....com>, Hersen Wu <hersenxs.wu@....com> Subject: Re: CVE-2024-46808: drm/amd/display: Add missing NULL pointer check within dpcd_extend_address_range On Mon, Sep 30, 2024 at 08:58:41PM +0200, Michal Koutný wrote: > Hello. > > On Fri, Sep 27, 2024 at 02:36:13PM GMT, Greg Kroah-Hartman <gregkh@...uxfoundation.org> wrote: > > In the Linux kernel, the following vulnerability has been resolved: > > > > drm/amd/display: Add missing NULL pointer check within dpcd_extend_address_range > > > > [Why & How] > > ASSERT if return NULL from kcalloc. > > > > The Linux kernel CVE team has assigned CVE-2024-46808 to this issue. > > This is not a good CVE fix since it'd bring the system down for users > with panic_on_warn=1 anyway. (I wasn't able to `make > drivers/gpu/drm/amd/display/dc/link/protocols/link_dpcd.i` but I assume > the ASSERTs expand to one of the WARN_ONs, feel free to correct me.) It's a good fix for those without that option enabled :) > It'd need graceful handling of the kcalloc failure. Agreed, it could be fixed better. thanks, greg k-h
Powered by blists - more mailing lists