In the Linux kernel, the following vulnerability has been resolved:
drm/client: Fully protect modes[] with dev->mode_config.mutex
The modes[] array contains pointers to modes on the connectors’
mode lists, which are protected by dev->mode_config.mutex.
Thus we need to extend modes[] the same protection or by the
time we use it the elements may already be pointing to
freed/reused memory.
[
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/gpu/drm/drm_client_modeset.c"
],
"versions": [
{
"version": "1da177e4c3f4",
"lessThan": "5a2f957e3c45",
"status": "affected",
"versionType": "git"
},
{
"version": "1da177e4c3f4",
"lessThan": "41586487769e",
"status": "affected",
"versionType": "git"
},
{
"version": "1da177e4c3f4",
"lessThan": "d2dc6600d4e3",
"status": "affected",
"versionType": "git"
},
{
"version": "1da177e4c3f4",
"lessThan": "18c8cc6680ce",
"status": "affected",
"versionType": "git"
},
{
"version": "1da177e4c3f4",
"lessThan": "04e018bd913d",
"status": "affected",
"versionType": "git"
},
{
"version": "1da177e4c3f4",
"lessThan": "8ceb873d8167",
"status": "affected",
"versionType": "git"
},
{
"version": "1da177e4c3f4",
"lessThan": "3eadd887dbac",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "affected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/gpu/drm/drm_client_modeset.c"
],
"versions": [
{
"version": "5.4.275",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.216",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.156",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.87",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.28",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.7",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
]
}
]
git.kernel.org/stable/c/04e018bd913d3d3336ab7d21c2ad31a9175fe984
git.kernel.org/stable/c/18c8cc6680ce938d0458859b6a08b4d34f7d8055
git.kernel.org/stable/c/3eadd887dbac1df8f25f701e5d404d1b90fd0fea
git.kernel.org/stable/c/41586487769eede64ab1aa6c65c74cbf76c12ef0
git.kernel.org/stable/c/5a2f957e3c4553bbb100504a1acfeaeb33f4ca4e
git.kernel.org/stable/c/8ceb873d816786a7c8058f50d903574aff8d3764
git.kernel.org/stable/c/d2dc6600d4e3e1453e3b1fb233e9f97e2a1ae949
lists.debian.org/debian-lts-announce/2024/06/msg00017.html