CVE-2024-39471: drm/amdgpu: add error handle to avoid out-of-bounds
Siddh Raman Pant
siddh.raman.pant at oracle.com
Wed Jul 24 10:24:20 UTC 2024
(Mail V2: Send to correct mailing list and CCing relevant people.)
On Tue, 25 Jun 2024 16:29:04 +0200, Greg Kroah-Hartman wrote:
> In the Linux kernel, the following vulnerability has been resolved:
>
> drm/amdgpu: add error handle to avoid out-of-bounds
>
> if the sdma_v4_0_irq_id_to_seq return -EINVAL, the process should
> be stop to avoid out-of-bounds read, so directly return -EINVAL.
>
> The Linux kernel CVE team has assigned CVE-2024-39471 to this issue.
This commit has a bug which was fixed by 6769a23697f1. It should be
immediately backported, otherwise this "fix" doesn't do anything since
gcc will optimise out the check.
Thanks,
Siddh
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <https://lists.freedesktop.org/archives/dri-devel/attachments/20240724/426a9b14/attachment.sig>
More information about the dri-devel
mailing list