SB2024111003 - Memory leak in Linux kernel drm tests driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Memory leak (CVE-ID: CVE-2024-50214)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the drm_test_drm_hdmi_compute_mode_clock_rgb(), drm_test_drm_hdmi_compute_mode_clock_rgb_10bpc(), drm_test_drm_hdmi_compute_mode_clock_rgb_10bpc_vic_1(), drm_test_drm_hdmi_compute_mode_clock_rgb_12bpc(), drm_test_drm_hdmi_compute_mode_clock_rgb_12bpc_vic_1(), drm_test_drm_hdmi_compute_mode_clock_rgb_double(), drm_test_connector_hdmi_compute_mode_clock_yuv420_valid(), drm_test_connector_hdmi_compute_mode_clock_yuv420_10_bpc(), drm_test_connector_hdmi_compute_mode_clock_yuv420_12_bpc(), drm_test_connector_hdmi_compute_mode_clock_yuv422_8_bpc(), drm_test_connector_hdmi_compute_mode_clock_yuv422_10_bpc() and drm_test_connector_hdmi_compute_mode_clock_yuv422_12_bpc() functions in drivers/gpu/drm/tests/drm_connector_test.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/df2b00685cd33cd85be8910c7d6d22c4ebbf18bb
• https://git.kernel.org/stable/c/926163342a2e7595d950e84c17c693b1272bd491
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11.7
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12