SB2024062684 - Resource management error in Linux kernel drm mediatek driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Resource management error (CVE-ID: CVE-2024-38549)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the mtk_drm_gem_init() function in drivers/gpu/drm/mediatek/mtk_drm_gem.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/79078880795478d551a05acc41f957700030d364
• https://git.kernel.org/stable/c/be34a1b351ea7faeb15dde8c44fe89de3980ae67
• https://git.kernel.org/stable/c/d17b75ee9c2e44d3a3682c4ea5ab713ea6073350
• https://git.kernel.org/stable/c/0e3b6f9123726858cac299e1654e3d20424cabe4
• https://git.kernel.org/stable/c/13562c2d48c9ee330de1077d00146742be368f05
• https://git.kernel.org/stable/c/af26ea99019caee1500bf7e60c861136c0bf8594
• https://git.kernel.org/stable/c/9489951e3ae505534c4013db4e76b1b5a3151ac7
• https://git.kernel.org/stable/c/fb4aabdb1b48c25d9e1ee28f89440fd2ce556405
• https://git.kernel.org/stable/c/1e4350095e8ab2577ee05f8c3b044e661b5af9a0
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.316
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.219
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.161
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.278
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.93
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.33
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.12