Bugzilla – Full Text Bug Listing
Summary: VUL-1: CVE-2019-16229: kernel-source: NULL pointer dereference in alloc_workqueue in drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c
Product: [Novell Products] SUSE Security Incidents
Reporter: Alexander Bergmann <abergmann>
Component: Incidents
Assignee: E-mail List <kernel-maintainers>
Status: RESOLVED INVALID
QA Contact: Security Team bot <security-team>
Priority: P4 - Low
CC: bpetkov, meissner, mhocko, smash_bz
Found By: Security Response Team
Services Priority:
Marketing QA Status: ---
IT Deployment: ---
Description Alexander Bergmann 2019-09-12 07:58:41 UTC
CVE-2019-16229: drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16229
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16229
https://lkml.org/lkml/2019/9/9/487
Comment 1 Michal Hocko 2019-09-12 09:37:36 UTC
I can see a flood of CVEs like this one and I again feel this is a CVE process abuse. Let's see what the potentially failing allocation is:

tbl_size = nr_node_ids * sizeof(wq->numa_pwq_tbl);
kzalloc(sizeof(*wq) + tbl_size, GFP_KERNEL);

wq is 320B, pool_workqueue is 256B, take nr_node_ids something real, say less than 100, and we are still under 4KB. The memory allocator simply doesn't fail those allocations unless there are very special conditions - e.g. the caller is an OOM victim. I am really skeptical that an initialization call is called in such a context. That being said, adding a check for the failure makes sense, but assigning a CVE and making it a big deal is just dubious to say the least.
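To show why the check is still worth having even though the allocation almost never fails, here is an added, self-contained C model (not the kernel's code and not code from this bug) with a constructed alloc_workqueue stand-in and a fault-injection switch that reproduces the rare failure path; struct names, the "KFD IH" queue name and the init functions are assumptions for illustration only.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>

/* Constructed stand-in for the kernel's struct workqueue_struct. */
struct workqueue_struct { char name[32]; int flags; };

/* Constructed stand-in for the device that owns the interrupt workqueue. */
struct kfd_dev { struct workqueue_struct *ih_wq; };

/* Fault injection: when set, the next allocation fails, modelling the
   "caller is an OOM victim" case in which kzalloc can return NULL. */
static int fail_next_alloc;
void inject_alloc_failure(void) { fail_next_alloc = 1; }

/* Constructed model of alloc_workqueue(): a zeroed allocation that may fail.
   The real kernel helper is a macro with a different signature. */
static struct workqueue_struct *alloc_workqueue(const char *name, int flags)
{
    struct workqueue_struct *wq;
    if (fail_next_alloc) { fail_next_alloc = 0; return NULL; }
    wq = calloc(1, sizeof(*wq));
    if (!wq) return NULL;
    strncpy(wq->name, name, sizeof(wq->name) - 1);
    wq->flags = flags;
    return wq;
}

/* Before: the return value is used without a check, so a failed
   allocation turns into a NULL pointer dereference on the next line. */
int kfd_interrupt_init_unchecked(struct kfd_dev *kfd)
{
    kfd->ih_wq = alloc_workqueue("KFD IH", 0);
    kfd->ih_wq->flags |= 1;   /* crashes when ih_wq is NULL */
    return 0;
}

/* After: failure is reported as -ENOMEM so the caller can unwind cleanly. */
int kfd_interrupt_init_checked(struct kfd_dev *kfd)
{
    kfd->ih_wq = alloc_workqueue("KFD IH", 0);
    if (!kfd->ih_wq)
        return -ENOMEM;
    kfd->ih_wq->flags |= 1;
    return 0;
}

void kfd_interrupt_exit(struct kfd_dev *kfd) { free(kfd->ih_wq); kfd->ih_wq = NULL; }
```

Calling kfd_interrupt_init_unchecked() after inject_alloc_failure() dereferences NULL, which is the whole of the reported defect; the checked variant returns -ENOMEM instead.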
Comment 2 Borislav Petkov 2019-09-13 12:57:30 UTC
I agree. Marcus, can we kill those CVEs?
Comment 3 Marcus Meissner 2019-10-10 05:56:43 UTC
I filed a rejection request with Mitre. This might take a while.
Comment 4 Marcus Meissner 2019-10-11 07:07:17 UTC
Now marked as disputed.