authorJustin M. Forbes <jforbes@fedoraproject.org>2019-11-26 08:30:00 -0600
committerJustin M. Forbes <jforbes@fedoraproject.org>2019-11-26 08:30:00 -0600
commitbf6e2e5c451ec4c8cf99792c5174aed9fa65c6e1 (patch)
tree283e8437c744c5cb8ff582f505d89a9871f72a3c
parent82d983221ca70c2813b39de565b7968c3a955cf6 (diff)
Fix CVE-2019-19082
-rw-r--r--0001-drm-amd-display-prevent-memory-leak.patch82
-rw-r--r--kernel.spec6
2 files changed, 88 insertions, 0 deletions
diff --git a/0001-drm-amd-display-prevent-memory-leak.patch b/0001-drm-amd-display-prevent-memory-leak.patch
new file mode 100644
index 000000000..e74ad2913
--- /dev/null
+++ b/0001-drm-amd-display-prevent-memory-leak.patch
@@ -0,0 +1,82 @@
+From 104c307147ad379617472dd91a5bcb368d72bd6d Mon Sep 17 00:00:00 2001
+From: Navid Emamdoost <navid.emamdoost@gmail.com>
+Date: Tue, 24 Sep 2019 23:23:56 -0500
+Subject: [PATCH] drm/amd/display: prevent memory leak
+
+In dcn*_create_resource_pool the allocated memory should be released if
+construct pool fails.
+
+Reviewed-by: Harry Wentland <harry.wentland@amd.com>
+Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+---
+ drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c | 1 +
+ drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c | 1 +
+ drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c | 1 +
+ drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c | 1 +
+ drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c | 1 +
+ 5 files changed, 5 insertions(+)
+
+diff --git a/drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c b/drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c
+index afc61055eca1..1787b9bf800a 100644
+--- a/drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c
++++ b/drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c
+@@ -1091,6 +1091,7 @@ struct resource_pool *dce100_create_resource_pool(
+ if (construct(num_virtual_links, dc, pool))
+ return &pool->base;
+
++ kfree(pool);
+ BREAK_TO_DEBUGGER();
+ return NULL;
+ }
+diff --git a/drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c b/drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c
+index c66fe170e1e8..318e9c2e2ca8 100644
+--- a/drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c
++++ b/drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c
+@@ -1462,6 +1462,7 @@ struct resource_pool *dce110_create_resource_pool(
+ if (construct(num_virtual_links, dc, pool, asic_id))
+ return &pool->base;
+
++ kfree(pool);
+ BREAK_TO_DEBUGGER();
+ return NULL;
+ }
+diff --git a/drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c b/drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c
+index 2b3a2917c168..83e1878161c9 100644
+--- a/drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c
++++ b/drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c
+@@ -1342,6 +1342,7 @@ struct resource_pool *dce112_create_resource_pool(
+ if (construct(num_virtual_links, dc, pool))
+ return &pool->base;
+
++ kfree(pool);
+ BREAK_TO_DEBUGGER();
+ return NULL;
+ }
+diff --git a/drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c b/drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c
+index 236c4c0324b1..8b85e5274bba 100644
+--- a/drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c
++++ b/drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c
+@@ -1208,6 +1208,7 @@ struct resource_pool *dce120_create_resource_pool(
+ if (construct(num_virtual_links, dc, pool))
+ return &pool->base;
+
++ kfree(pool);
+ BREAK_TO_DEBUGGER();
+ return NULL;
+ }
+diff --git a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c
+index 5a89e462e7cc..59305e411a66 100644
+--- a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c
++++ b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c
+@@ -1570,6 +1570,7 @@ struct resource_pool *dcn10_create_resource_pool(
+ if (construct(init_data->num_virtual_links, dc, pool))
+ return &pool->base;
+
++ kfree(pool);
+ BREAK_TO_DEBUGGER();
+ return NULL;
+ }
+--
+2.23.0
+
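Review bot: The added `kfree(pool)` in each `*_create_resource_pool` failure path releases only the top-level allocation. Whether `construct()` unwinds its own partial allocations before returning false is not visible in these hunks, so confirm that against the full source; otherwise part of the leak this CVE fix targets would remain. The patch description names `dcn*_create_resource_pool`, yet four of the five touched files are dce100/110/112/120, so when carrying this backport it is worth checking any other `*_create_resource_pool` variants in the tree for the same missing free. A short comment above the new line, such as `/* construct() failed; pool was never returned to a caller, so free it here */`, would make the ownership explicit. All five functions start outside their hunks.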
diff --git a/kernel.spec b/kernel.spec
index 5c137697e..3f5c4f2b8 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -667,6 +667,9 @@ Patch528: mwifiex-Fix-heap-overflow-in-mmwifiex_process_tdls_action_frame.patch
# CVE-2019-19078 rhbz 1776354 1776353
Patch529: ath10k-fix-memory-leak.patch
+# CVE-2019-19082 rhbz 1776832 1776833
+Patch530: 0001-drm-amd-display-prevent-memory-leak.patch
+
# END OF PATCH DEFINITIONS
%endif
@@ -1868,6 +1871,9 @@ fi
#
#
%changelog
+* Tue Nov 26 2019 Justin M. Forbes <jforbes@fedoraproject.org>
+- Fix CVE-2019-19082 (rhbz 1776832 1776833)
+
* Mon Nov 25 2019 Justin M. Forbes <jforbes@fedoraproject.org> - 5.3.13-300
- Fix CVE-2019-14895 (rhbz 1774870 1776139)
- Fix CVE-2019-14896 (rhbz 1774875 1776143)