cve/published/2023/CVE-2023-52788.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2023-52788: i915/perf: Fix NULL deref bugs with drm_dbg() calls

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 i915/perf: Fix NULL deref bugs with drm_dbg() calls

 When i915 perf interface is not available dereferencing it will lead to
 NULL dereferences.

 As returning -ENOTSUPP is pretty clear return when perf interface is not
 available.

 [tursulin: added stable tag]
 (cherry picked from commit 36f27350ff745bd228ab04d7845dfbffc177a889)

 The Linux kernel CVE team has assigned CVE-2023-52788 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 5.15.108 with commit 9b344cf6aea0a69c00e19efdc6e02c6d5aae1a23 and fixed in 5.15.140 with commit 1566e8be73fd5fa424e88d2a4cffdc34f970f0e1
 	Issue introduced in 6.0 with commit 2fec539112e89255b6a47f566e21d99937fada7b and fixed in 6.1.64 with commit 55db76caa782baa4a1bf02296e2773c38a524a3e
 	Issue introduced in 6.0 with commit 2fec539112e89255b6a47f566e21d99937fada7b and fixed in 6.5.13 with commit bf8e105030083e7b71591cdf437e464bcd8a0c09
 	Issue introduced in 6.0 with commit 2fec539112e89255b6a47f566e21d99937fada7b and fixed in 6.6.3 with commit 10f49cdfd5fb342a1a9641930dc040c570694e98
 	Issue introduced in 6.0 with commit 2fec539112e89255b6a47f566e21d99937fada7b and fixed in 6.7 with commit 471aa951bf1206d3c10d0daa67005b8e4db4ff83

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2023-52788
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/gpu/drm/i915/i915_perf.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/1566e8be73fd5fa424e88d2a4cffdc34f970f0e1
 	https://git.kernel.org/stable/c/55db76caa782baa4a1bf02296e2773c38a524a3e
 	https://git.kernel.org/stable/c/bf8e105030083e7b71591cdf437e464bcd8a0c09
 	https://git.kernel.org/stable/c/10f49cdfd5fb342a1a9641930dc040c570694e98
 	https://git.kernel.org/stable/c/471aa951bf1206d3c10d0daa67005b8e4db4ff83
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2023-52788: i915/perf: Fix NULL deref bugs with drm_dbg() calls

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	i915/perf: Fix NULL deref bugs with drm_dbg() calls

	When i915 perf interface is not available dereferencing it will lead to
	NULL dereferences.

	As returning -ENOTSUPP is pretty clear return when perf interface is not
	available.

	[tursulin: added stable tag]
	(cherry picked from commit 36f27350ff745bd228ab04d7845dfbffc177a889)

	The Linux kernel CVE team has assigned CVE-2023-52788 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 5.15.108 with commit 9b344cf6aea0a69c00e19efdc6e02c6d5aae1a23 and fixed in 5.15.140 with commit 1566e8be73fd5fa424e88d2a4cffdc34f970f0e1
	Issue introduced in 6.0 with commit 2fec539112e89255b6a47f566e21d99937fada7b and fixed in 6.1.64 with commit 55db76caa782baa4a1bf02296e2773c38a524a3e
	Issue introduced in 6.0 with commit 2fec539112e89255b6a47f566e21d99937fada7b and fixed in 6.5.13 with commit bf8e105030083e7b71591cdf437e464bcd8a0c09
	Issue introduced in 6.0 with commit 2fec539112e89255b6a47f566e21d99937fada7b and fixed in 6.6.3 with commit 10f49cdfd5fb342a1a9641930dc040c570694e98
	Issue introduced in 6.0 with commit 2fec539112e89255b6a47f566e21d99937fada7b and fixed in 6.7 with commit 471aa951bf1206d3c10d0daa67005b8e4db4ff83

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2023-52788
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/gpu/drm/i915/i915_perf.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/1566e8be73fd5fa424e88d2a4cffdc34f970f0e1
	https://git.kernel.org/stable/c/55db76caa782baa4a1bf02296e2773c38a524a3e
	https://git.kernel.org/stable/c/bf8e105030083e7b71591cdf437e464bcd8a0c09
	https://git.kernel.org/stable/c/10f49cdfd5fb342a1a9641930dc040c570694e98
	https://git.kernel.org/stable/c/471aa951bf1206d3c10d0daa67005b8e4db4ff83