cve/published/2024/CVE-2024-38548.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-38548: drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference

 In cdns_mhdp_atomic_enable(), the return value of drm_mode_duplicate() is
 assigned to mhdp_state->current_mode, and there is a dereference of it in
 drm_mode_set_name(), which will lead to a NULL pointer dereference on
 failure of drm_mode_duplicate().

 Fix this bug add a check of mhdp_state->current_mode.

 The Linux kernel CVE team has assigned CVE-2024-38548 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 5.10 with commit fb43aa0acdfd600c75b8c877bdf9f6e9893ffc9b and fixed in 5.10.219 with commit 85d1a27402f81f2e04b0e67d20f749c2a14edbb3
 	Issue introduced in 5.10 with commit fb43aa0acdfd600c75b8c877bdf9f6e9893ffc9b and fixed in 5.15.161 with commit 89788cd9824c28ffcdea40232c458233353d1896
 	Issue introduced in 5.10 with commit fb43aa0acdfd600c75b8c877bdf9f6e9893ffc9b and fixed in 6.1.93 with commit ca53b7efd4ba6ae92fd2b3085cb099c745e96965
 	Issue introduced in 5.10 with commit fb43aa0acdfd600c75b8c877bdf9f6e9893ffc9b and fixed in 6.6.33 with commit dcf53e6103b26e7458be71491d0641f49fbd5840
 	Issue introduced in 5.10 with commit fb43aa0acdfd600c75b8c877bdf9f6e9893ffc9b and fixed in 6.8.12 with commit 32fb2ef124c3301656ac6c789a2ef35ef69a66da
 	Issue introduced in 5.10 with commit fb43aa0acdfd600c75b8c877bdf9f6e9893ffc9b and fixed in 6.9.3 with commit 47889711da20be9b43e1e136e5cb68df37cbcc79
 	Issue introduced in 5.10 with commit fb43aa0acdfd600c75b8c877bdf9f6e9893ffc9b and fixed in 6.10 with commit 935a92a1c400285545198ca2800a4c6c519c650a

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-38548
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-core.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/85d1a27402f81f2e04b0e67d20f749c2a14edbb3
 	https://git.kernel.org/stable/c/89788cd9824c28ffcdea40232c458233353d1896
 	https://git.kernel.org/stable/c/ca53b7efd4ba6ae92fd2b3085cb099c745e96965
 	https://git.kernel.org/stable/c/dcf53e6103b26e7458be71491d0641f49fbd5840
 	https://git.kernel.org/stable/c/32fb2ef124c3301656ac6c789a2ef35ef69a66da
 	https://git.kernel.org/stable/c/47889711da20be9b43e1e136e5cb68df37cbcc79
 	https://git.kernel.org/stable/c/935a92a1c400285545198ca2800a4c6c519c650a
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-38548: drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference

	In cdns_mhdp_atomic_enable(), the return value of drm_mode_duplicate() is
	assigned to mhdp_state->current_mode, and there is a dereference of it in
	drm_mode_set_name(), which will lead to a NULL pointer dereference on
	failure of drm_mode_duplicate().

	Fix this bug add a check of mhdp_state->current_mode.

	The Linux kernel CVE team has assigned CVE-2024-38548 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 5.10 with commit fb43aa0acdfd600c75b8c877bdf9f6e9893ffc9b and fixed in 5.10.219 with commit 85d1a27402f81f2e04b0e67d20f749c2a14edbb3
	Issue introduced in 5.10 with commit fb43aa0acdfd600c75b8c877bdf9f6e9893ffc9b and fixed in 5.15.161 with commit 89788cd9824c28ffcdea40232c458233353d1896
	Issue introduced in 5.10 with commit fb43aa0acdfd600c75b8c877bdf9f6e9893ffc9b and fixed in 6.1.93 with commit ca53b7efd4ba6ae92fd2b3085cb099c745e96965
	Issue introduced in 5.10 with commit fb43aa0acdfd600c75b8c877bdf9f6e9893ffc9b and fixed in 6.6.33 with commit dcf53e6103b26e7458be71491d0641f49fbd5840
	Issue introduced in 5.10 with commit fb43aa0acdfd600c75b8c877bdf9f6e9893ffc9b and fixed in 6.8.12 with commit 32fb2ef124c3301656ac6c789a2ef35ef69a66da
	Issue introduced in 5.10 with commit fb43aa0acdfd600c75b8c877bdf9f6e9893ffc9b and fixed in 6.9.3 with commit 47889711da20be9b43e1e136e5cb68df37cbcc79
	Issue introduced in 5.10 with commit fb43aa0acdfd600c75b8c877bdf9f6e9893ffc9b and fixed in 6.10 with commit 935a92a1c400285545198ca2800a4c6c519c650a

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-38548
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-core.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/85d1a27402f81f2e04b0e67d20f749c2a14edbb3
	https://git.kernel.org/stable/c/89788cd9824c28ffcdea40232c458233353d1896
	https://git.kernel.org/stable/c/ca53b7efd4ba6ae92fd2b3085cb099c745e96965
	https://git.kernel.org/stable/c/dcf53e6103b26e7458be71491d0641f49fbd5840
	https://git.kernel.org/stable/c/32fb2ef124c3301656ac6c789a2ef35ef69a66da
	https://git.kernel.org/stable/c/47889711da20be9b43e1e136e5cb68df37cbcc79
	https://git.kernel.org/stable/c/935a92a1c400285545198ca2800a4c6c519c650a