NACK/Cmnt: [SRU][J][PATCH 0/2] CVE-2024-26662

[Manuel Diewald]

On Fri, Dec 20, 2024 at 05:30:23PM +0800, Yo-Jung (Leo) Lin wrote:
> [Impact]
> 
> drm/amd/display: Fix 'panel_cntl' could be null in 'dcn21_set_backlight_level()'
> 
> In dcn21_set_backlight_level(), pipe_ctx->stream_res.tg->inst was
> dereferenced without checking if stream_res.tg could be NULL, making
> it a potential null pointer dereference issue.
> 
> Despite being labeled as the fix, the e96fddb commit DIDN'T fix the CVE
> correctly. Another follow-up patch (drm/amd/display: Fix && vs || typos)
> (17ba9cde11c2) should be applied altogether to fully mitigate this CVE.
> 
> [Fix]
> 
> Noble:    not affected
> Jammy:    Backported - context conflict with neighboring line
> Focal:    not affected
> Bionic:   not affected
> Xenial:   not affected
> Trusty:   not affected
> 
> [Test Case]
> 
> Compile and boot tested.
> 
> [Where problems could occur]
> 
> If those 2 patches don't get applied altogether, then the issue will
> remain.
> 
> Dan Carpenter (1):
>   drm/amd/display: Fix && vs || typos
> 
> Srinivasan Shanmugam (1):
>   drm/amd/display: Fix 'panel_cntl' could be null in
>     'dcn21_set_backlight_level()'
> 
>  drivers/gpu/drm/amd/display/dc/dcn21/dcn21_hwseq.c | 10 ++++++++--
>  1 file changed, 8 insertions(+), 2 deletions(-)
> 
> -- 
> 2.43.0
> 
> 
> -- 
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team

Both patches are declared a cherry-pick in their provenance. Since they
patch different files in tree than the original commit and one of them
had to be modified, the provenance should state

backported from...

instead of

cherry picked from...

for both patches.

-- 
 Manuel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20250107/566325eb/attachment.sig>