Bug 1219615 (CVE-2024-22386)

Summary: VUL-0: CVE-2024-22386: kernel: null pointer dereference due to race in drm/exynos in exynos_drm_crtc_atomic_disable() function
Product: [Novell Products] SUSE Security Incidents Reporter: SMASH SMASH <smash_bz>
Component: IncidentsAssignee: Karasulli <vasant.karasulli>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: andrea.mattiazzo, meissner, vasant.karasulli
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/393019/
Whiteboard: CVSSv3.1:SUSE:CVE-2024-22386:4.7:(AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description SMASH SMASH 2024-02-06 10:20:11 UTC 
A race condition was found in the Linux kernel's drm/exynos device driver in exynos_drm_crtc_atomic_disable() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-22386
https://www.cve.org/CVERecord?id=CVE-2024-22386
https://bugzilla.openanolis.cn/show_bug.cgi?id=8147
Comment 1 Andrea Mattiazzo 2024-02-06 10:33:25 UTC 
Advisory is not public yet, but probably refer to this upstream commit:
https://github.com/torvalds/linux/commit/2e63972a2de14482d0eae1a03a73e379f1c3f44c

Based on this commit the codestream affected are:
- cve/linux-5.14
- cve/linux-4.12
- cve/linux-5.3
Comment 2 Marcus Meissner 2024-02-08 17:05:14 UTC 
SP4, SP5, SP6: 
config/arm64/default:# CONFIG_DRM_EXYNOS is not set
(armv7l has it, but we do not ship arm32bit product.)

I would declare us as unaffected.
Comment 3 Andrea Mattiazzo 2024-02-09 08:26:14 UTC 
Ok, thanks Markus, closing it as resolved.