Message-ID: <miszqpmc73g7otccgv2hifv6uuckmq6vuxz6sxczfzkyvd5vhz@qu5ts3iwvzmw>
Date: Wed, 2 Oct 2024 16:14:17 +0200
From: Michal Koutný <mkoutny@...e.com>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: cve@...nel.org, linux-kernel@...r.kernel.org,
Tom Chung <chiahsuan.chung@....com>, Hersen Wu <hersenxs.wu@....com>,
Alex Deucher <alexander.deucher@....com>
Subject: Re: CVE-2024-46808: drm/amd/display: Add missing NULL pointer check
within dpcd_extend_address_range
On Mon, Sep 30, 2024 at 09:09:18PM GMT, Greg Kroah-Hartman <gregkh@...uxfoundation.org> wrote:
> It's a good fix for those without that option enabled :)

Users with panic_on_warn=0 will see a warning but there'll be a NULL
pointer floating around. (That's not good for kernel code.) There is no
code flow change here. It's not a vulnerability fix.

There are other fixes that I've seen recently that at least change the
code flow:
- CVE-2024-46805: drm/amdgpu: fix the waring dereferencing hive
- CVE-2024-46811: kernel: drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box
- CVE-2024-46812: kernel: drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration

(These are not vulnerability fixes for panic_on_warn=1 though.)

So these CVE numbers point out potential vulnerabilities but the
associated patches don't fix them (generally).

> Agreed, it could be fixed better.

Let me Cc also Alex (last S-O-B on them) to be aware of that.
I think I can't do more at the moment.

Regards,
Michal