| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250509092603.3242559-1-jianqi.ren.cn@windriver.com>
Date: Fri, 9 May 2025 17:26:03 +0800
From: <jianqi.ren.cn@...driver.com>
To: <gregkh@...uxfoundation.org>, <stable@...r.kernel.org>
CC: <patches@...ts.linux.dev>, <linux-kernel@...r.kernel.org>,
<jianqi.ren.cn@...driver.com>, <fullwaywang@...look.com>,
<tiffany.lin@...iatek.com>, <andrew-ct.chen@...iatek.com>,
<mchehab@...nel.org>, <matthias.bgg@...il.com>,
<linux-media@...r.kernel.org>, <linux-arm-kernel@...ts.infradead.org>,
<linux-mediatek@...ts.infradead.org>
Subject: [PATCH 5.10.y] media: mtk-vcodec: potential null pointer deference in SCP
From: Fullway Wang <fullwaywang@...look.com>
[ Upstream commit 53dbe08504442dc7ba4865c09b3bbf5fe849681b ]
The return value of devm_kzalloc() needs to be checked to avoid
NULL pointer deference. This is similar to CVE-2022-3113.
Link: https://lore.kernel.org/linux-media/PH7PR20MB5925094DAE3FD750C7E39E01BF712@PH7PR20MB5925.namprd20.prod.outlook.com
Signed-off-by: Fullway Wang <fullwaywang@...look.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@...nel.org>
[Minor conflict resolved due to code context change.]
Signed-off-by: Jianqi Ren <jianqi.ren.cn@...driver.com>
Signed-off-by: He Zhe <zhe.he@...driver.com>
---
Verified the build test
---
drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_scp.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_scp.c b/drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_scp.c
index d8e66b645bd8..27f08b1d34d1 100644
--- a/drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_scp.c
+++ b/drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_scp.c
@@ -65,6 +65,8 @@ struct mtk_vcodec_fw *mtk_vcodec_fw_scp_init(struct mtk_vcodec_dev *dev)
}
fw = devm_kzalloc(&dev->plat_dev->dev, sizeof(*fw), GFP_KERNEL);
+ if (!fw)
+ return ERR_PTR(-ENOMEM);
fw->type = SCP;
fw->ops = &mtk_vcodec_rproc_msg;
fw->scp = scp;
--
2.34.1
Powered by blists - more mailing lists