cve/rejected/2024/CVE-2024-42308.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-c9c4e1df01b2 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-42308: drm/amd/display: Check for NULL pointer

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 drm/amd/display: Check for NULL pointer

 [why & how]
 Need to make sure plane_state is initialized
 before accessing its members.

 (cherry picked from commit 295d91cbc700651782a60572f83c24861607b648)

 The Linux kernel CVE team has assigned CVE-2024-42308 to this issue.


 Affected and fixed versions
 ===========================

 	Fixed in 5.4.282 with commit 71dbf9535934
 	Fixed in 5.10.224 with commit 9ce89824ff04
 	Fixed in 5.15.165 with commit 6b5ed0648213
 	Fixed in 6.1.103 with commit f068494430d1
 	Fixed in 6.6.44 with commit 4ccd37085976
 	Fixed in 6.10.3 with commit 185616085b12
 	Fixed in 6.11 with commit 4ab68e168ae1

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-42308
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/gpu/drm/amd/display/dc/core/dc_surface.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/71dbf95359347c2ecc5a6dfc02783fcfccb2e9fb
 	https://git.kernel.org/stable/c/9ce89824ff04d261fc855e0ca6e6025251d9fa40
 	https://git.kernel.org/stable/c/6b5ed0648213e9355cc78f4a264d9afe8536d692
 	https://git.kernel.org/stable/c/f068494430d15b5fc551ac928de9dac7e5e27602
 	https://git.kernel.org/stable/c/4ccd37085976ea5d3c499b1e6d0b3f4deaf2cd5a
 	https://git.kernel.org/stable/c/185616085b12e651cdfd11ef00d1449f54552d89
 	https://git.kernel.org/stable/c/4ab68e168ae1695f7c04fae98930740aaf7c50fa
	From bippy-c9c4e1df01b2 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-42308: drm/amd/display: Check for NULL pointer

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	drm/amd/display: Check for NULL pointer

	[why & how]
	Need to make sure plane_state is initialized
	before accessing its members.

	(cherry picked from commit 295d91cbc700651782a60572f83c24861607b648)

	The Linux kernel CVE team has assigned CVE-2024-42308 to this issue.


	Affected and fixed versions
	===========================

	Fixed in 5.4.282 with commit 71dbf9535934
	Fixed in 5.10.224 with commit 9ce89824ff04
	Fixed in 5.15.165 with commit 6b5ed0648213
	Fixed in 6.1.103 with commit f068494430d1
	Fixed in 6.6.44 with commit 4ccd37085976
	Fixed in 6.10.3 with commit 185616085b12
	Fixed in 6.11 with commit 4ab68e168ae1

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-42308
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/gpu/drm/amd/display/dc/core/dc_surface.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/71dbf95359347c2ecc5a6dfc02783fcfccb2e9fb
	https://git.kernel.org/stable/c/9ce89824ff04d261fc855e0ca6e6025251d9fa40
	https://git.kernel.org/stable/c/6b5ed0648213e9355cc78f4a264d9afe8536d692
	https://git.kernel.org/stable/c/f068494430d15b5fc551ac928de9dac7e5e27602
	https://git.kernel.org/stable/c/4ccd37085976ea5d3c499b1e6d0b3f4deaf2cd5a
	https://git.kernel.org/stable/c/185616085b12e651cdfd11ef00d1449f54552d89
	https://git.kernel.org/stable/c/4ab68e168ae1695f7c04fae98930740aaf7c50fa