Bugzilla – Bug 1222066
VUL-0: CVE-2024-26647: kernel: drm/amd/display: late derefrence 'dsc' check in 'link_set_dsc_pps_packet()'
Last modified: 2024-06-25 18:23:15 UTC
In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Fix late derefrence 'dsc' check in 'link_set_dsc_pps_packet()'

In link_set_dsc_pps_packet(), 'struct display_stream_compressor *dsc' was dereferenced in a DC_LOGGER_INIT(dsc->ctx->logger); before the 'dsc' NULL pointer check.

Fixes the below:
drivers/gpu/drm/amd/amdgpu/../display/dc/link/link_dpms.c:905 link_set_dsc_pps_packet() warn: variable dereferenced before check 'dsc' (see line 903)

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-26647
https://git.kernel.org/stable/c/6aa5ede6665122f4c8abce3c6eba06b49e54d25c
https://git.kernel.org/stable/c/cf656fc7276e5b3709a81bc9d9639459be2b2647
https://www.cve.org/CVERecord?id=CVE-2024-26647
https://git.kernel.org/stable/c/3bb9b1f958c3d986ed90a3ff009f1e77e9553207
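The "dereferenced before check" pattern described above, as an added userspace illustration that is not the kernel's code or the upstream patch. The struct types, function names and sample objects are hypothetical stand-ins for the driver's.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for the driver types; not the kernel's definitions. */
struct logger { unsigned int lines; };
struct ctx { struct logger *logger; };
struct compressor { struct ctx *ctx; };

/* Constructed sample objects so the example runs without any hardware. */
struct logger sample_logger;
struct ctx sample_ctx = { &sample_logger };
struct compressor sample_dsc = { &sample_ctx };

/* Before: the logger is fetched through 'dsc' ahead of the NULL check, so a
 * NULL 'dsc' faults on the first statement and the check below comes too late.
 * An optimizing compiler may also assume 'dsc' is non-NULL after that line
 * and drop the later check entirely. */
bool set_pps_packet_before(struct compressor *dsc, bool dsc_enabled)
{
    struct logger *log = dsc->ctx->logger;   /* dereference happens here */

    if (!dsc_enabled || !dsc)                /* check happens here */
        return false;
    log->lines++;
    return true;
}

/* After: validate first, then touch anything reached through 'dsc'. */
bool set_pps_packet_after(struct compressor *dsc, bool dsc_enabled)
{
    struct logger *log;

    if (!dsc_enabled || !dsc)
        return false;
    log = dsc->ctx->logger;
    log->lines++;
    return true;
}

int main(void)
{
    printf("after(NULL)   = %d\n", set_pps_packet_after(NULL, true));
    printf("after(valid)  = %d\n", set_pps_packet_after(&sample_dsc, true));
    printf("before(valid) = %d\n", set_pps_packet_before(&sample_dsc, true));
    /* set_pps_packet_before(NULL, true) is not called: it would fault. */
    return 0;
}
```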
I'd say this was introduced in 6ca7415f11af ("drm/amd/display: merge dc_link_dp into dc_link"), where the `DC_LOGGER_INIT(dsc->ctx->logger)` call was introduced when moving `dp_set_dsc_pps_sdp()` from one file to another. If this is the case, then cve/linux-5.14-LTSS and older are not affected, and SLE15-SP6-GA and newer are already fixed.
Fix is not applicable to SLE15-SP5, SLE12-SP5 or SLE12-SP3-TD. Reassigning.
All done, closing.