NAK: [SRU][J][PATCH 0/2] CVE-2024-26662
Agathe Porte
agathe.porte at canonical.com
Mon Jan 6 12:58:01 UTC 2025
2024-12-19 08:59 CET, Yo-Jung (Leo) Lin:
> [Impact]
>
> drm/amd/display: Fix 'panel_cntl' could be null in 'dcn21_set_backlight_level()'
>
> In dcn21_set_backlight_level(), pipe_ctx->stream_res.tg->inst was
> dereferenced without checking if stream_res.tg could be NULL, making
> it a potential null pointer dereference issue.
>
> Despite being labeled as the fix, the e96fddb commit DIDN'T fix the CVE
> correctly. Another follow-up patch (drm/amd/display: Fix && vs || typos)
> (17ba9cde11c2) should be applied altogether to fully mitigate this CVE.
>
> [Fix]
>
> Noble: not affected
> Jammy: Backported - context conflict with neighboring line
> Focal: not affected
> Bionic: not affected
> Xenial: not affected
> Trusty: not affected
>
> [Test Case]
>
> Compile and boot tested.
>
> [Where problems could occur]
>
> If those 2 patches don't get applied altogether, then the issue will
> remain.
>
> Dan Carpenter (1):
> drm/amd/display: Fix && vs || typos
>
> Srinivasan Shanmugam (1):
> drm/amd/display: Fix 'panel_cntl' could be null in
> 'dcn21_set_backlight_level()'
>
> drivers/gpu/drm/amd/display/dc/dcn21/dcn21_hwseq.c | 10 ++++++++--
> 1 file changed, 8 insertions(+), 2 deletions(-)
Sending NACK in title for mail filters.
More information about the kernel-team
mailing list