[SRU][F][PATCH 0/3] CVE-2024-23848
Jacob Martin
jacob.martin at canonical.com
Fri Jan 10 21:19:32 UTC 2025

[Impact]
A use-after-free vulnerability in the Linux kernel's HDMI CEC framework could
potentially lead to denial of service or arbitrary code execution. This is
resolved by a series of patches that improve the status tracking of CEC data
transmission and use proper locking where necessary.

[Fix]
The following upstream patches are sufficient to resolve this issue:

9fe2816816a3 ("media: cec: cec-adap: always cancel work in cec_transmit_msg_fh")
42bcaacae924 ("media: cec: cec-api: add locking in cec_release()")
47c82aac10a6 ("media: cec: core: avoid recursive cec_claim_log_addrs")
cbe499977bc3 ("media: cec: core: avoid confusing "transmit timed out" message")

The contents of upstream commits 9fe2816816a3 and 42bcaacae924 are already
present in Focal via stable updates.

Noble: Fix released
Jammy: Fix released
Focal: Backport from mainline
Bionic: Patch sent to ESM list
Xenial: Not affected
Trusty: Not affected

[Test Case]
Compile tested.

[Where issues could occur]
These changes affect the kernel's HDMI-CEC framework. Issues with this fix
would manifest as issues with drivers using this framework, which could result
in HDMI display output issues or issues with CEC communication.

Hans Verkuil (3):
  media: cec: abort if the current transmit was canceled
  media: cec: core: avoid recursive cec_claim_log_addrs
  media: cec: core: avoid confusing "transmit timed out" message

 drivers/media/cec/cec-adap.c | 34 +++++++++++++++++++++++++++++-----
 drivers/media/cec/cec-api.c  |  2 +-
 include/media/cec.h          |  2 ++
 3 files changed, 32 insertions(+), 6 deletions(-)

--
2.43.0