Bug 1150469 - (CVE-2019-16229) VUL-1: CVE-2019-16229: kernel-source: NULL pointer dereference in alloc_workqueue in drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P4 - Low, Severity: Normal
Assigned To: E-mail List
Security Team bot
Reported: 2019-09-12 07:58 UTC by Alexander Bergmann
Modified: 2020-06-29 14:50 UTC
Found By: Security Response Team
Description Alexander Bergmann 2019-09-12 07:58:41 UTC

drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux kernel 5.2.14 does not
check the alloc_workqueue return value, leading to a NULL pointer dereference.
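
The pattern this report describes, as a userspace C model added here for illustration; it is not code from the kernel source or from this bug thread. Every `*_model` name and the `fail_next_alloc` fault-injection flag are hypothetical stand-ins, and the later user is guarded so the model reports the NULL pointer instead of crashing.

```c
/* Userspace model, not kernel code; every *_model name is hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

struct wq_model { int nr_queued; };
struct dev_model { struct wq_model *ih_wq; };
static int fail_next_alloc; /* fault injection: nonzero makes allocation fail */

/* Stand-in for alloc_workqueue(): returns NULL when allocation fails. */
static struct wq_model *alloc_workqueue_model(void)
{
    if (fail_next_alloc)
        return NULL;
    return calloc(1, sizeof(struct wq_model));
}

/* Pattern from the report: result stored unchecked, init reports success. */
static int interrupt_init_unchecked(struct dev_model *dev)
{
    dev->ih_wq = alloc_workqueue_model();
    return 0;
}

/* Hardened pattern: a failed allocation fails the init with -ENOMEM. */
static int interrupt_init_checked(struct dev_model *dev)
{
    dev->ih_wq = alloc_workqueue_model();
    return dev->ih_wq ? 0 : -ENOMEM;
}

/* Later user; guarded so the model reports the NULL instead of crashing. */
static int queue_work_model(struct dev_model *dev)
{
    if (!dev->ih_wq)
        return -EFAULT;
    dev->ih_wq->nr_queued++;
    return 0;
}

int main(void)
{
    struct dev_model a = {0}, b = {0};
    fail_next_alloc = 1; /* constructed failure condition */
    int ra = interrupt_init_unchecked(&a), ua = queue_work_model(&a);
    int rb = interrupt_init_checked(&b);
    printf("unchecked: init=%d use=%d; checked: init=%d\n", ra, ua, rb);
    return 0;
}
```

With the checked variant the failure surfaces at init time as `-ENOMEM`, so no later code path ever sees the NULL workqueue pointer.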

Comment 1 Michal Hocko 2019-09-12 09:37:36 UTC
I can see a flood of CVEs like this one and I again feel this is a CVE process abuse. Let's see what the potentially failing allocation is:
tbl_size = nr_node_ids * sizeof(wq->numa_pwq_tbl[0]);
kzalloc(sizeof(*wq) + tbl_size, GFP_KERNEL);

wq is 320B, pool_workqueue is 256B, take nr_node_ids something real, say less than 100 and we are still under 4KB. The memory allocator simply doesn't fail those allocations unless there are very special conditions - e.g. the caller is an OOM victim. I am really skeptical that an initialization call is called in such a context.

That being said, adding a check for the failure makes sense but assigning a CVE and making it a big deal is just dubious to say the least.
Comment 2 Borislav Petkov 2019-09-13 12:57:30 UTC
I agree. Marcus, can we kill those CVEs?
Comment 3 Marcus Meissner 2019-10-10 05:56:43 UTC
I filed a rejection request with Mitre. This might take a while.
Comment 4 Marcus Meissner 2019-10-11 07:07:17 UTC
Now marked as disputed.