Bug 2301485 (CVE-2024-42120)

Summary: CVE-2024-42120 kernel: drm/amd/display: Check pipe offset before setting vblank
Product: [Other] Security Response
Reporter: OSIDB Bzimport <bzimport>
Component: vulnerability
Assignee: Product Security DevOps Team <prodsec-dev>
Status: NEW
Severity: medium
Priority: medium
Version: unspecified
CC: dfreiber, drow, jburrell, vkumar
Keywords: Security
Hardware: All
OS: Linux
Fixed In Version: kernel 5.10.222, kernel 5.15.163, kernel 6.1.98, kernel 6.6.39, kernel 6.9.9, kernel 6.10
Doc Text:
A vulnerability in the DRM/AMD/display subsystem in the Linux kernel was resolved by adding a check for the `pipe_ctx` index before accessing the `vblank` array. This fix addresses an out-of-bounds access issue reported by Coverity, preventing potential memory corruption and enhancing system stability. The check ensures that the index is within the valid range, safeguarding against buffer overruns.
Bug Depends On: 2301786    

Description OSIDB Bzimport 2024-07-30 08:32:56 UTC
In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Check pipe offset before setting vblank

pipe_ctx has a size of MAX_PIPES so checking its index before accessing
the array.

This fixes an OVERRUN issue reported by Coverity.

Comment 1 Mauro Matteo Cascella 2024-07-30 19:13:38 UTC
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024073024-CVE-2024-42120-c2ff@gregkh/T

Comment 2 Mauro Matteo Cascella 2024-07-30 19:13:58 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2301786]