From: Greg Kroah-Hartman
To: linux-cve-announce@vger.kernel.org
Cc: Greg Kroah-Hartman
Subject: CVE-2023-53284: drm/msm/dpu: check for null return of devm_kzalloc() in dpu_writeback_init()
Date: Tue, 16 Sep 2025 10:11:34 +0200
Message-ID: <2025091625-CVE-2023-53284-e65e@gregkh>

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

drm/msm/dpu: check for null return of devm_kzalloc() in dpu_writeback_init()

Because of the possible failure of devm_kzalloc(), dpu_wb_conn might
be NULL and will cause null pointer dereference later.

Therefore, it might be better to check it and directly return -ENOMEM.

Patchwork: https://patchwork.freedesktop.org/patch/512277/
[DB: fixed typo in commit message]

The Linux kernel CVE team has assigned CVE-2023-53284 to this issue.

Affected and fixed versions
===========================

	Issue introduced in 5.19 with commit 77b001acdcfeb892842caac49fb7f0d286b29c43 and fixed in 6.1.16 with commit 3723c4dbcd14cc96771000ce0b0540801e6ba059
	Issue introduced in 5.19 with commit 77b001acdcfeb892842caac49fb7f0d286b29c43 and fixed in 6.2.3 with commit 5ee51b19855c5dd72aca57b8014f3b70d7798733
	Issue introduced in 5.19 with commit 77b001acdcfeb892842caac49fb7f0d286b29c43 and fixed in 6.3 with commit 21e9a838f505178e109ccb3bf19d7808eb0326f4

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2023-53284
will be updated if fixes are backported, please check that for the most
up to date information about this issue.

Affected files
==============

The file(s) affected by this issue are:
	drivers/gpu/drm/msm/disp/dpu1/dpu_writeback.c

Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/3723c4dbcd14cc96771000ce0b0540801e6ba059
	https://git.kernel.org/stable/c/5ee51b19855c5dd72aca57b8014f3b70d7798733
	https://git.kernel.org/stable/c/21e9a838f505178e109ccb3bf19d7808eb0326f4
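
The version ranges under "Affected and fixed versions" above, expressed as a triage check for a `uname -r` string. This is an added example, not part of the original announcement or of the kernel project's tooling; the function names and status labels are hypothetical. It assumes upstream version numbering only, so a vendor kernel reported as "affected" may still carry a backport of one of the fix commits listed above.

```python
import re

# Version data copied from the announcement above.
INTRODUCED = (5, 19)                        # first affected series
FIXED_IN_STABLE = {(6, 1): 16, (6, 2): 3}   # stable series -> first fixed patch level
FIXED_MAINLINE = (6, 3)                     # fixed from this release onward


def parse_release(release):
    """Split a `uname -r` style string into (major, minor, patch)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def cve_2023_53284_status(release):
    """Classify an upstream kernel version against the listed ranges."""
    major, minor, patch = parse_release(release)
    series = (major, minor)
    if series < INTRODUCED:
        return "not-affected"
    if series == FIXED_MAINLINE and "-rc" in release:
        # The announcement only states "fixed in 6.3"; a release candidate
        # has to be checked against the fix commit itself.
        return "unknown"
    if series >= FIXED_MAINLINE:
        return "fixed"
    first_fixed = FIXED_IN_STABLE.get(series)
    if first_fixed is None:
        # 5.19.y and 6.0.y: no fixed release is listed for these series.
        return "affected"
    return "fixed" if patch >= first_fixed else "affected"


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real host.
    for rel in ("5.15.0-91-generic", "6.0.19", "6.1.15", "6.1.16", "6.2.3", "6.3.0-rc2"):
        print(f"{rel:20} {cve_2023_53284_status(rel)}")
```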