Centos-kernel-stream-9/Documentation/userspace-api
Lucas Zampieri 57385cfb1d Merge: CVE-2024-23848: media: cec: use-after-free in cec_queue_msg_fh
MR: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_requests/4644

JIRA: https://issues.redhat.com/browse/RHEL-22561  
CVE: CVE-2024-23848

buildinfo: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=62330527  

These four patches fixed the use-after-free issue for media cec. The patches include:  
9fe2816816a3c765dff3b88af5b5c3d9bbb911ce  
42bcaacae924bf18ae387c3f78c202df0b739292  
47c82aac10a6954d68f29f10d9758d016e8e5af1  
cbe499977bc36fedae89f0a0d7deb4ccde9798fe  

Moreover, to backport these fix patches, a certain backport for cec was required and the patches were as follows:

cbe499977bc36fedae89f0a0d7deb4ccde9798fe media: cec: core: avoid confusing "transmit timed out" message  
47c82aac10a6954d68f29f10d9758d016e8e5af1 media: cec: core: avoid recursive cec_claim_log_addrs  
9fe2816816a3c765dff3b88af5b5c3d9bbb911ce media: cec: cec-adap: always cancel work in cec_transmit_msg_fh  
ce5d241c3ad4568c12842168288993234345c0eb media: cec: core: remove length check of Timer Status  
632b8b044a940e415c6d9bd5235778b0db28add1 media: cec: core: count low-drive, error and arb-lost conditions  
f208f4a49a46cc04f51b0c335d4b6390fbfcd1b8 media: cec: core: add note about *_from_edid() function usage in drm  
948a77aaecf202f722cf2264025f9987e5bd5c26 media: cec: core: add adap_unconfigured() callback  
da53c36ddd3f118a525a04faa8c47ca471e6c467 media: cec: core: add adap_nb_transmit_canceled() callback  
73af6c7511038249cad3d5f3b44bf8d78ac0f499 media: cec: core: don't set last_initiator if tx in progress  
fe4526d99e2e06b08bb80316c3a596ea6a807b75 media: cec: core: disable adapter in cec_devnode_unregister  
6bade236f14033fa457a9e22ceb8a114a14d90e3 media: cec: core: not all messages were passed on when monitoring  
479747caa5bfa94b856bf47249006e6c8aa8be37 media: cec: add support for Absolute Volume Control  
691c3db0dc7616b3cc4ff0f52f956c9afa71b1cd media: cec-adap.c: log when claiming LA fails unexpectedly  
f9222f8ca18bcb1d55dd749b493b29fd8092fb82 media: cec-adap.c: drop activate_cnt, use state info instead  
e3891b36364e85914fcb7a535656695a67e876a7 media: cec-adap.c: reconfigure if the PA changes during configuration  
59267fc34f4900dcd2ec3295f6be04b79aee2186 media: cec-adap.c: fix is_configuring state  
184c387db057c135eeab1a163f863838edb02483 media: cec-adap.c: stop trying LAs on CEC_TX_STATUS_TIMEOUT  
498946cf6b85b5eafb142132a11351814f578535 media: cec-adap.c: don't unconfigure if already unconfigured  
f1b57164305d6342b9f77a4f4482cde492b56983 media: cec: add optional adap_configured callback  
dad272bd03d541dc7c0ff8331756eccf659f6f02 media: cec: add xfer_timeout_ms field  
e2ed5024ac2bc27d4bfc99fd58f5ab54de8fa965 media: cec: use call_op and check for !unregistered  
f9d0ecbf56f4b90745a6adc5b59281ad8f70ab54 media: cec: correctly pass on reply results  
590a8e564c6eff7e77a84e728612f1269e3c0685 media: cec: abort if the current transmit was canceled  
3813c932ed970dd4f413498ccecb03c73c4f1784 media: cec: call enable_adap on s_log_addrs  
a9e6107616bb8108aa4fc22584a05e69761a91f7 media: cec: fix a deadlock situation  
2ddd03309433d39852945c2f85d36e796c558793 media: cec: safely unhook lists in cec_data  
13cbaa4c2b7bf9f8285e1164d005dbf08244ecd5 media: cec: copy sequence field for the reply  

713bdfa10b5957053811470d298def9537d9ff13 media: cec-pin: fix interrupt en/disable handling  
3a2e4b193690ff2e44e95856d90bdeaf337211f6 media: cec-pin: drop unused 'enabled' field from struct cec_pin  
7e360fa0c0f3e7dd1aa8f2b574d7b461d0caf5e2 media: cec-pin: fix off-by-one SFT check  
c8b263937c489ec536193bbe48d810118a387e12 media: cec-pin: rename timer overrun variables  

Signed-off-by: Kate Hsuan <hpa@redhat.com>

Approved-by: Chris von Recklinghausen <crecklin@redhat.com>
Approved-by: Andrew Halaney <ahalaney@redhat.com>
Approved-by: CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com>

Merged-by: Lucas Zampieri <lzampier@redhat.com>
2024-07-17 17:21:27 +00:00

| Name | Last commit | Date |
|------|-------------|------|
| accelerators | Documentation: ocxl.rst: change FPGA indirect article to an | 2021-06-09 14:51:25 +02:00 |
| ebpf | | |
| ioctl | vduse: Introduce VDUSE - vDPA Device in Userspace | 2024-06-21 11:10:43 +08:00 |
| media | media: cec: add support for Absolute Volume Control | 2024-07-03 16:36:56 +08:00 |
| netlink | doc/netlink: Document the sub-message format for netlink-raw | 2024-04-26 17:16:08 +02:00 |
| futex2.rst | futex2: Documentation: Document sys_futex_waitv() uAPI | 2022-03-10 16:55:08 -05:00 |
| index.rst | Documentation: Add documentation for VDUSE | 2024-06-21 11:10:43 +08:00 |
| iommu.rst | | |
| iommufd.rst | iommufd: Document overview of iommufd | 2023-03-09 16:36:08 -07:00 |
| landlock.rst | docs: userspace-api: landlock.rst: avoid using ReST :doc:`foo` markup | 2021-06-17 13:24:39 -06:00 |
| no_new_privs.rst | | |
| seccomp_filter.rst | Documentation: seccomp: Fix typo in user notification | 2021-07-02 10:39:45 -07:00 |
| spec_ctrl.rst | Documentation: Add L1D flushing Documentation | 2022-06-30 22:30:30 -04:00 |
| sysfs-platform_profile.rst | | |
| unshare.rst | | |
| vduse.rst | VDUSE: fix documentation underline warning | 2024-06-21 11:10:43 +08:00 |