[Public]
> -----Original Message-----
> From: Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx>
> Sent: Tuesday, December 3, 2024 3:50 AM
> To: Zhang Zekun <zhangzekun11@xxxxxxxxxx>
> Cc: cve@xxxxxxxxxx; linux-cve-announce@xxxxxxxxxxxxxxx; stable@xxxxxxxxxxxxxxx;
> Wang, Yang(Kevin) <KevinYang.Wang@xxxxxxx>; Deucher, Alexander
> <Alexander.Deucher@xxxxxxx>; liuyongqiang13@xxxxxxxxxx
> Subject: Re: Possible wrong fix patch for some stable branches
>
> On Tue, Dec 03, 2024 at 10:06:51AM +0800, Zhang Zekun wrote:
> > Hi, All
> >
> > The mainline patch to fix CVE-2024-50282 add a check to fix a potential buffer
> overflow issue in amdgpu_debugfs_gprwave_read() which is introduced in commit
> 553f973a0d7b ("drm/amd/amdgpu: Update debugfs for XCC support (v3)"), but
> some linux-stable fix patches add the check in some other funcitons, is something
> wrong here?
> >
> > Stable version which contain the suspicious patches:
> > Fixed in 4.19.324 with commit 673bdb4200c0: Fixed in
> > amdgpu_debugfs_regs_smc_read() Fixed in 5.4.286 with commit
> > 7ccd781794d2: Fixed in amdgpu_debugfs_regs_smc_read() Fixed in
> > 5.10.230 with commit 17f5f18085ac: Fixed in
> > amdgpu_debugfs_regs_pcie_write() Fixed in 5.15.172 with commit
> > aaf6160a4b7f: Fixed in amdgpu_debugfs_regs_didt_write() Fixed in
> > 6.1.117 with commit 25d7e84343e1: Fixed in
> > amdgpu_debugfs_regs_pcie_write()
> >
> > Link to mainline fix patch:
> > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/com
> > mit/?id=4d75b9468021c73108b4439794d69e892b1d24e3
>
> If this is incorrect, can you send patches fixing this up?
All of these should be reverted:
4.19.324 with commit 673bdb4200c0
5.4.286 with commit 7ccd781794d2
5.10.230 with commit 17f5f18085ac
5.15.172 with commit aaf6160a4b7f
6.1.117 with commit 25d7e84343e1
The function which was patched didn't exist in kernel 6.1 and older kernels and the patches ended up patching a different function in the same file instead.
Thanks,
Alex
>
> thanks,
>
> greg k-h
