Bugzilla – Bug 1150469
VUL-1: CVE-2019-16229: kernel-source: NULL pointer dereference in alloc_workqueue in drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c
Last modified: 2020-06-29 14:50:12 UTC
CVE-2019-16229 drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16229
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16229
https://lkml.org/lkml/2019/9/9/487
I can see a flood of CVEs like this one and I again feel this is a CVE process abuse. Let's see what the potentially failing allocation is:

    tbl_size = nr_node_ids * sizeof(wq->numa_pwq_tbl[0]);
    kzalloc(sizeof(*wq) + tbl_size, GFP_KERNEL);

wq is 320B, pool_workqueue is 256B, take nr_node_ids something real, say less than 100, and we are still under 4KB. The memory allocator simply doesn't fail those allocations unless there are very special conditions - e.g. the caller is an OOM victim. I am really skeptical that an initialization call is called in such a context. That being said, adding a check for the failure makes sense, but assigning a CVE and making it a big deal is just dubious to say the least.
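The allocation-check pattern this bug is about, as an added illustration that is not code from the bug report, the kernel, or the commenters: a user-space C model of an interrupt-init routine that first allocates a FIFO and then a workqueue, shown once without a check on the workqueue pointer and once with the check and unwind. The struct and field names, the mock allocators, and the fault-injection switch are assumptions made for the demonstration; the real kfd_interrupt.c code is not reproduced here.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for the kernel objects involved (not the real layouts). */
struct workqueue_struct { char name[32]; };
struct kfifo { void *buf; size_t size; };
struct kfd_dev {
    struct kfifo ih_wq_fifo;          /* assumed name for the interrupt FIFO   */
    struct workqueue_struct *ih_wq;   /* assumed name for the interrupt wq     */
    bool interrupts_active;
};

/* Fault-injection switch (assumption): when true the mock allocator returns
 * NULL, simulating the rare failure path the comment above describes. */
static bool inject_alloc_failure = false;

static struct workqueue_struct *mock_alloc_workqueue(const char *name) {
    if (inject_alloc_failure) return NULL;
    struct workqueue_struct *wq = calloc(1, sizeof *wq);
    if (wq) snprintf(wq->name, sizeof wq->name, "%s", name);
    return wq;
}
static void mock_destroy_workqueue(struct workqueue_struct *wq) { free(wq); }

static int mock_kfifo_alloc(struct kfifo *f, size_t size) {
    f->buf = calloc(1, size);
    if (!f->buf) return -ENOMEM;
    f->size = size;
    return 0;
}
static void mock_kfifo_free(struct kfifo *f) { free(f->buf); f->buf = NULL; f->size = 0; }

/* Unchecked pattern: the workqueue pointer is stored and the device marked
 * active without testing for NULL, so a later use would dereference NULL. */
static int init_interrupts_unchecked(struct kfd_dev *kfd) {
    int r = mock_kfifo_alloc(&kfd->ih_wq_fifo, 1024);
    if (r) return r;
    kfd->ih_wq = mock_alloc_workqueue("KFD IH");
    kfd->interrupts_active = true;
    return 0;
}

/* Hardened pattern: test the return value, release the FIFO allocated
 * earlier, and report -ENOMEM so the caller can fail initialization cleanly. */
static int init_interrupts_checked(struct kfd_dev *kfd) {
    int r = mock_kfifo_alloc(&kfd->ih_wq_fifo, 1024);
    if (r) return r;
    kfd->ih_wq = mock_alloc_workqueue("KFD IH");
    if (!kfd->ih_wq) {
        mock_kfifo_free(&kfd->ih_wq_fifo);
        return -ENOMEM;
    }
    kfd->interrupts_active = true;
    return 0;
}

static void cleanup_interrupts(struct kfd_dev *kfd) {
    if (kfd->ih_wq) mock_destroy_workqueue(kfd->ih_wq);
    mock_kfifo_free(&kfd->ih_wq_fifo);
    kfd->ih_wq = NULL;
    kfd->interrupts_active = false;
}

/* Run one init variant under optional fault injection. Returns the init
 * result; *active_with_null_wq is set when the device was left marked active
 * while its workqueue pointer is NULL (the state that leads to the crash). */
static int run_init(bool fail_alloc, bool checked, bool *active_with_null_wq) {
    struct kfd_dev kfd;
    memset(&kfd, 0, sizeof kfd);
    inject_alloc_failure = fail_alloc;
    int r = checked ? init_interrupts_checked(&kfd) : init_interrupts_unchecked(&kfd);
    inject_alloc_failure = false;
    *active_with_null_wq = kfd.interrupts_active && kfd.ih_wq == NULL;
    cleanup_interrupts(&kfd);
    return r;
}

int main(void) {
    bool bad;
    int r = run_init(true, false, &bad);
    printf("unchecked, alloc fails: r=%d, active with NULL wq=%d\n", r, bad);
    r = run_init(true, true, &bad);
    printf("checked,   alloc fails: r=%d, active with NULL wq=%d\n", r, bad);
    r = run_init(false, true, &bad);
    printf("checked,   alloc ok:    r=%d, active with NULL wq=%d\n", r, bad);
    return 0;
}
```

The fault-injection switch is what makes the difference visible: on a normal run both variants succeed, which is why the comment above is skeptical about real-world impact, while under an injected failure only the checked variant returns an error instead of leaving a NULL pointer behind.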
I agree. Marcus, can we kill those CVEs?
I filed a rejection request with Mitre. This might take a while.
Now marked as disputed.