Bugzilla – Full Text Bug Listing

| Summary: | VUL-1: DISPUTED: CVE-2019-16230: kernel-source: NULL pointer dereference in alloc_workqueue in drivers/gpu/drm/radeon/radeon_display.c | | |
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Alexander Bergmann <abergmann> |
| Component: | Incidents | Assignee: | E-mail List <kernel-maintainers> |
| Status: | RESOLVED INVALID | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | | |
| Priority: | P4 - Low | CC: | bpetkov, meissner, mhocko, smash_bz, tiwai, tzimmermann |
| Version: | unspecified | | |
| Target Milestone: | --- | | |
| Hardware: | Other | | |
| OS: | Other | | |
| URL: | https://smash.suse.de/issue/242227/ | | |
| Whiteboard: | CVSSv3:SUSE:CVE-2019-16230:4.0:(AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) maint:planned:update | | |
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | | Blocker: | --- |
| Marketing QA Status: | --- | IT Deployment: | --- |

Description
Alexander Bergmann
2019-09-12 07:55:52 UTC
Looking at
> https://lkml.org/lkml/2019/9/9/487
the radeon change is still missing from v5.5. The other changes are in non-DRM code. Someone with net and/or scsi credentials should look at them.
Ok, so AFAICT, this CVE is only for the radeon part. And considering how debatable those "fixes" are, I think we can simply say that this is not fixed upstream and not fixed in our kernels either.

The allocation is usually happening on module load, which happens for this driver during bootup. It is not controllable by an attacker. It is also unlikely to have an OOM condition at this time. We will not fix this.

Dispute was also accepted by Mitre.