2311712 – (CVE-2024-45015) CVE-2024-45015 kernel: drm/msm/dpu: move dpu_encoder's connector assignment to atomic_enable()

Bug 2311712 (CVE-2024-45015) - CVE-2024-45015 kernel: drm/msm/dpu: move dpu_encoder's connector assignment to atomic_enable()

Summary: CVE-2024-45015 kernel: drm/msm/dpu: move dpu_encoder's connector assignme...

Keywords:
Status:	NEW
Alias:	CVE-2024-45015
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2311745
Blocks:
TreeView+	depends on / blocked

Reported:	2024-09-11 16:20 UTC by OSIDB Bzimport
Modified:	2024-09-13 10:14 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2024-09-11 16:20:55 UTC

In the Linux kernel, the following vulnerability has been resolved:

drm/msm/dpu: move dpu_encoder's connector assignment to atomic_enable()

For cases where the crtc's connectors_changed was set without enable/active
getting toggled , there is an atomic_enable() call followed by an
atomic_disable() but without an atomic_mode_set().

This results in a NULL ptr access for the dpu_encoder_get_drm_fmt() call in
the atomic_enable() as the dpu_encoder's connector was cleared in the
atomic_disable() but not re-assigned as there was no atomic_mode_set() call.

Fix the NULL ptr access by moving the assignment for atomic_enable() and also
use drm_atomic_get_new_connector_for_encoder() to get the connector from
the atomic_state.

Patchwork: https://patchwork.freedesktop.org/patch/606729/

Comment 1 Michal Findra 2024-09-11 17:02:18 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45015-c139@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.