Bug 1150468 - (CVE-2019-16230) VUL-1: DISPUTED: CVE-2019-16230: kernel-source: NULL pointer dereference in alloc_workqueue in drivers/gpu/drm/radeon/radeon_display.c
Status: RESOLVED INVALID
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P4 - Low, Severity: Normal
Assigned To: E-mail List
Security Team bot
https://smash.suse.de/issue/242227/
CVSSv3:SUSE:CVE-2019-16230:4.0:(AV:L/...
Reported: 2019-09-12 07:55 UTC by Alexander Bergmann
Modified: 2020-06-29 06:42 UTC (History)
Found By: Security Response Team
Description Alexander Bergmann 2019-09-12 07:55:52 UTC
CVE-2019-16230

drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not
check the alloc_workqueue return value, leading to a NULL pointer dereference.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16230
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16230
https://lkml.org/lkml/2019/9/9/487
Comment 10 Thomas Zimmermann 2020-02-04 10:43:37 UTC
Looking at

> https://lkml.org/lkml/2019/9/9/487

the radeon change is still missing from v5.5. The other changes are in non-DRM code. Someone with net and/or scsi credentials should look at them.
Comment 11 Borislav Petkov 2020-02-14 09:49:28 UTC
Ok, so AFAICT, this CVE is only for the radeon part. And considering how debatable those "fixes" are, I think we can simply say that this is not fixed upstream and not fixed in our kernels either.
Comment 12 Marcus Meissner 2020-02-21 15:42:44 UTC
The allocation is usually happening on module load, which happens for this driver during bootup.

It is not controllable by an attacker.

It is also unlikely to have an OOM condition at this time.

We will not fix this.
Comment 13 Marcus Meissner 2020-02-25 10:53:40 UTC
Dispute was also accepted by MITRE.