cve/published/2024/CVE-2024-44967.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-44967: drm/mgag200: Bind I2C lifetime to DRM device

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 drm/mgag200: Bind I2C lifetime to DRM device

 Managed cleanup with devm_add_action_or_reset() will release the I2C
 adapter when the underlying Linux device goes away. But the connector
 still refers to it, so this cleanup leaves behind a stale pointer
 in struct drm_connector.ddc.

 Bind the lifetime of the I2C adapter to the connector's lifetime by
 using DRM's managed release. When the DRM device goes away (after
 the Linux device) DRM will first clean up the connector and then
 clean up the I2C adapter.

 The Linux kernel CVE team has assigned CVE-2024-44967 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 6.0 with commit b279df242972ae816a75cf1cc732af836f999100 and fixed in 6.1.105 with commit 55a6916db77102765b22855d3a0add4751988b7c
 	Issue introduced in 6.0 with commit b279df242972ae816a75cf1cc732af836f999100 and fixed in 6.6.46 with commit 81d34df843620e902dd04aa9205c875833d61c17
 	Issue introduced in 6.0 with commit b279df242972ae816a75cf1cc732af836f999100 and fixed in 6.10.5 with commit 9d96b91e03cba9dfcb4ac370c93af4dbc47d5191
 	Issue introduced in 6.0 with commit b279df242972ae816a75cf1cc732af836f999100 and fixed in 6.11 with commit eb1ae34e48a09b7a1179c579aed042b032e408f4

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-44967
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/gpu/drm/mgag200/mgag200_i2c.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/55a6916db77102765b22855d3a0add4751988b7c
 	https://git.kernel.org/stable/c/81d34df843620e902dd04aa9205c875833d61c17
 	https://git.kernel.org/stable/c/9d96b91e03cba9dfcb4ac370c93af4dbc47d5191
 	https://git.kernel.org/stable/c/eb1ae34e48a09b7a1179c579aed042b032e408f4
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-44967: drm/mgag200: Bind I2C lifetime to DRM device

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	drm/mgag200: Bind I2C lifetime to DRM device

	Managed cleanup with devm_add_action_or_reset() will release the I2C
	adapter when the underlying Linux device goes away. But the connector
	still refers to it, so this cleanup leaves behind a stale pointer
	in struct drm_connector.ddc.

	Bind the lifetime of the I2C adapter to the connector's lifetime by
	using DRM's managed release. When the DRM device goes away (after
	the Linux device) DRM will first clean up the connector and then
	clean up the I2C adapter.

	The Linux kernel CVE team has assigned CVE-2024-44967 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 6.0 with commit b279df242972ae816a75cf1cc732af836f999100 and fixed in 6.1.105 with commit 55a6916db77102765b22855d3a0add4751988b7c
	Issue introduced in 6.0 with commit b279df242972ae816a75cf1cc732af836f999100 and fixed in 6.6.46 with commit 81d34df843620e902dd04aa9205c875833d61c17
	Issue introduced in 6.0 with commit b279df242972ae816a75cf1cc732af836f999100 and fixed in 6.10.5 with commit 9d96b91e03cba9dfcb4ac370c93af4dbc47d5191
	Issue introduced in 6.0 with commit b279df242972ae816a75cf1cc732af836f999100 and fixed in 6.11 with commit eb1ae34e48a09b7a1179c579aed042b032e408f4

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-44967
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/gpu/drm/mgag200/mgag200_i2c.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/55a6916db77102765b22855d3a0add4751988b7c
	https://git.kernel.org/stable/c/81d34df843620e902dd04aa9205c875833d61c17
	https://git.kernel.org/stable/c/9d96b91e03cba9dfcb4ac370c93af4dbc47d5191
	https://git.kernel.org/stable/c/eb1ae34e48a09b7a1179c579aed042b032e408f4