SB2024060567 - NULL pointer dereference in Linux kernel dc core driver

Description

This security bulletin contains information about 1 security vulnerability.

1) NULL pointer dereference (CVE-ID: CVE-2023-52753)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dc_stream_get_vblank_counter() and dc_stream_get_scanoutpos() functions in drivers/gpu/drm/amd/display/dc/core/dc_stream.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/09909f515032fa80b921fd3118efe66b185d10fd
• https://git.kernel.org/stable/c/eac3e4760aa12159f7f5475d55a67b7933abc195
• https://git.kernel.org/stable/c/79b6a90f4f2433312154cd68452b0ba501fa74db
• https://git.kernel.org/stable/c/4e497f1acd99075b13605b2e7fa0cba721a2cfd9
• https://git.kernel.org/stable/c/8a06894666e0b462c9316b26ab615cefdd0d676c
• https://git.kernel.org/stable/c/6d8653b1a7a8dc938b566ae8c4f373b36e792c68
• https://git.kernel.org/stable/c/df8bc953eed72371e43ca407bd063507f760cf89
• https://git.kernel.org/stable/c/b1904ed480cee3f9f4036ea0e36d139cb5fee2d6
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.300
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.202
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.140
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.262
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.64
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.13
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.3
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7