CVE-2024-45015

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: move dpu_encoder's connector assignment to atomic_enable() For cases where the crtc's connectors_changed was set without enable/active getting toggled , there is an atomic_enable() call followed by an atomic_disable() but without an atomic_mode_set(). This results in a NULL ptr access for the dpu_encoder_get_drm_fmt() call in the atomic_enable() as the dpu_encoder's connector was cleared in the atomic_disable() but not re-assigned as there was no atomic_mode_set() call. Fix the NULL ptr access by moving the assignment for atomic_enable() and also use drm_atomic_get_new_connector_for_encoder() to get the connector from the atomic_state. Patchwork: https://patchwork.freedesktop.org/patch/606729/

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/3bacf814b6a61cc683c68465f175ebd938f09c52	Patch
https://git.kernel.org/stable/c/3fb61718bcbe309279205d1cc275a6435611dc77	Patch
https://git.kernel.org/stable/c/aedf02e46eb549dac8db4821a6b9f0c6bf6e3990	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc4::::::

History

13 Sep 2024, 16:35

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/3bacf814b6a61cc683c68465f175ebd938f09c52 -~~	() https://git.kernel.org/stable/c/3bacf814b6a61cc683c68465f175ebd938f09c52 - Patch
References	~~() https://git.kernel.org/stable/c/3fb61718bcbe309279205d1cc275a6435611dc77 -~~	() https://git.kernel.org/stable/c/3fb61718bcbe309279205d1cc275a6435611dc77 - Patch
References	~~() https://git.kernel.org/stable/c/aedf02e46eb549dac8db4821a6b9f0c6bf6e3990 -~~	() https://git.kernel.org/stable/c/aedf02e46eb549dac8db4821a6b9f0c6bf6e3990 - Patch
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/msm/dpu: mover la asignación del conector de dpu_encoder a atomic_enable() Para los casos en los que se configuró connectors_changed de crtc sin que se alternara enable/active, hay una llamada a atomic_enable() seguida de una atomic_disable() pero sin una atomic_mode_set(). Esto da como resultado un acceso ptr NULL para la llamada dpu_encoder_get_drm_fmt() en atomic_enable() ya que el conector de dpu_encoder se borró en atomic_disable() pero no se reasignó ya que no hubo una llamada a atomic_mode_set(). Corrija el acceso ptr NULL moviendo la asignación para atomic_enable() y también use drm_atomic_get_new_connector_for_encoder() para obtener el conector de atomic_state. Parche: https://patchwork.freedesktop.org/patch/606729/
CPE		cpe:2.3:o:linux:linux_kernel:6.11:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.11:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.11:rc2:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.11:rc1::::::
CWE		CWE-476
First Time		Linux linux Kernel Linux
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5

11 Sep 2024, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-11 16:15

Updated : 2024-09-13 16:35

NVD link : CVE-2024-45015

Mitre link : CVE-2024-45015

CVE.ORG link : CVE-2024-45015

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

5.5 /10