Bug 1222323 (CVE-2024-26661)

Summary: VUL-0: CVE-2024-26661: kernel: drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()'
Product: [Novell Products] SUSE Security Incidents
Reporter: SMASH SMASH <smash_bz>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: IN_PROGRESS ---
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: camila.matos, mkoutny, osalvador, rfrohl
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/399970/
Whiteboard: CVSSv3.1:SUSE:CVE-2024-26661:5.5:(AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description SMASH SMASH 2024-04-04 14:10:02 UTC
In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()'

In "u32 otg_inst = pipe_ctx->stream_res.tg->inst;"
pipe_ctx->stream_res.tg could be NULL, it is relying on the caller to
ensure the tg is not NULL.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-26661
https://git.kernel.org/stable/c/39f24c08363af1cd945abad84e3c87fd3e3c845a
https://git.kernel.org/stable/c/3f3c237a706580326d3b7a1b97697e5031ca4667
https://git.kernel.org/stable/c/66951d98d9bf45ba25acf37fe0747253fafdf298
https://www.cve.org/CVERecord?id=CVE-2024-26661
https://bugzilla.redhat.com/show_bug.cgi?id=2272784
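
The dereference pattern named in the description, shown beside a checked form. This is an added example, not the kernel's code or the upstream patch: the structures are reduced stand-ins, and the function names (otg_inst_unchecked, otg_inst_checked, count_programmable) and the -ENODEV return value are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Simplified stand-ins for the structures named in the description;
 * assumption: only the fields on the dereference path are modelled. */
struct timing_generator { uint32_t inst; };
struct stream_resource { struct timing_generator *tg; };
struct pipe_ctx { struct stream_resource stream_res; };

/* Before: tg->inst is read unconditionally, so every caller must
 * guarantee tg != NULL. A NULL tg faults here. */
static uint32_t otg_inst_unchecked(const struct pipe_ctx *pipe_ctx)
{
	return pipe_ctx->stream_res.tg->inst;
}

/* After: test the pointer before its first dereference and report the
 * missing timing generator to the caller instead of faulting. */
static int otg_inst_checked(const struct pipe_ctx *pipe_ctx, uint32_t *otg_inst)
{
	const struct timing_generator *tg = pipe_ctx->stream_res.tg;

	if (!tg)
		return -ENODEV;
	*otg_inst = tg->inst;
	return 0;
}

/* Hypothetical caller: count the pipes that can be programmed safely
 * when some of them have no timing generator assigned. */
static size_t count_programmable(const struct pipe_ctx *pipes, size_t n)
{
	size_t ok = 0;
	uint32_t inst;
	for (size_t i = 0; i < n; i++)
		if (otg_inst_checked(&pipes[i], &inst) == 0)
			ok++;
	return ok;
}

int main(void)
{
	struct timing_generator tg = { .inst = 2 };	/* constructed sample */
	struct pipe_ctx pipes[] = { { { &tg } }, { { NULL } } };
	return (otg_inst_unchecked(&pipes[0]) == 2 &&
		count_programmable(pipes, 2) == 1) ? 0 : 1;
}
```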

Comment 4 Oscar Salvador 2024-04-17 03:50:48 UTC
@Patrik: Can you please check

./scripts/check-kernel-fix CVE-2024-26661
66951d98d9bf ("drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()'") merged v6.8-rc4~21^2~1^2~14
Fixes: 474ac4a875ca ("drm/amd/display: Implement some asic specific abm call backs.") merged v5.9-rc1~134^2~19^2~484
Security fix for CVE-2024-26661 bsc#1222323 with CVSS 5.5
..............................
ACTION NEEDED!
SLE15-SP5: MANUAL: backport 66951d98d9bf45ba25acf37fe0747253fafdf298 (Fixes 474ac4a875ca)