cve/published/2024/CVE-2024-42228.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-42228: drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc

 Initialize the size before calling amdgpu_vce_cs_reloc, such as case 0x03000001.
 V2: To really improve the handling we would actually
    need to have a separate value of 0xffffffff.(Christian)

 The Linux kernel CVE team has assigned CVE-2024-42228 to this issue.


 Affected and fixed versions
 ===========================

 	Fixed in 4.19.321 with commit d35cf41c8eb5d9fe95b21ae6ee2910f9ba4878e8
 	Fixed in 5.4.283 with commit 3b505759447637dcccb50cbd98ec6f8d2a04fc46
 	Fixed in 5.10.225 with commit df02642c21c984303fe34c3f7d72965792fb1a15
 	Fixed in 5.15.166 with commit da6a85d197888067e8d38b5d22c986b5b5cab712
 	Fixed in 6.1.108 with commit 9ee1534ecdd5b4c013064663502d7fde824d2144
 	Fixed in 6.6.39 with commit 855ae72c20310e5402b2317fc537d911e87537ef
 	Fixed in 6.9.9 with commit f8f120b3de48b8b6bdf8988a9b334c2d61c17440
 	Fixed in 6.10 with commit 88a9a467c548d0b3c7761b4fd54a68e70f9c0944

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-42228
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/d35cf41c8eb5d9fe95b21ae6ee2910f9ba4878e8
 	https://git.kernel.org/stable/c/3b505759447637dcccb50cbd98ec6f8d2a04fc46
 	https://git.kernel.org/stable/c/df02642c21c984303fe34c3f7d72965792fb1a15
 	https://git.kernel.org/stable/c/da6a85d197888067e8d38b5d22c986b5b5cab712
 	https://git.kernel.org/stable/c/9ee1534ecdd5b4c013064663502d7fde824d2144
 	https://git.kernel.org/stable/c/855ae72c20310e5402b2317fc537d911e87537ef
 	https://git.kernel.org/stable/c/f8f120b3de48b8b6bdf8988a9b334c2d61c17440
 	https://git.kernel.org/stable/c/88a9a467c548d0b3c7761b4fd54a68e70f9c0944
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-42228: drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc

	Initialize the size before calling amdgpu_vce_cs_reloc, such as case 0x03000001.
	V2: To really improve the handling we would actually
	need to have a separate value of 0xffffffff.(Christian)

	The Linux kernel CVE team has assigned CVE-2024-42228 to this issue.


	Affected and fixed versions
	===========================

	Fixed in 4.19.321 with commit d35cf41c8eb5d9fe95b21ae6ee2910f9ba4878e8
	Fixed in 5.4.283 with commit 3b505759447637dcccb50cbd98ec6f8d2a04fc46
	Fixed in 5.10.225 with commit df02642c21c984303fe34c3f7d72965792fb1a15
	Fixed in 5.15.166 with commit da6a85d197888067e8d38b5d22c986b5b5cab712
	Fixed in 6.1.108 with commit 9ee1534ecdd5b4c013064663502d7fde824d2144
	Fixed in 6.6.39 with commit 855ae72c20310e5402b2317fc537d911e87537ef
	Fixed in 6.9.9 with commit f8f120b3de48b8b6bdf8988a9b334c2d61c17440
	Fixed in 6.10 with commit 88a9a467c548d0b3c7761b4fd54a68e70f9c0944

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-42228
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/d35cf41c8eb5d9fe95b21ae6ee2910f9ba4878e8
	https://git.kernel.org/stable/c/3b505759447637dcccb50cbd98ec6f8d2a04fc46
	https://git.kernel.org/stable/c/df02642c21c984303fe34c3f7d72965792fb1a15
	https://git.kernel.org/stable/c/da6a85d197888067e8d38b5d22c986b5b5cab712
	https://git.kernel.org/stable/c/9ee1534ecdd5b4c013064663502d7fde824d2144
	https://git.kernel.org/stable/c/855ae72c20310e5402b2317fc537d911e87537ef
	https://git.kernel.org/stable/c/f8f120b3de48b8b6bdf8988a9b334c2d61c17440
	https://git.kernel.org/stable/c/88a9a467c548d0b3c7761b4fd54a68e70f9c0944