CVE-2024-27040

In the first if statement, we're checking if 'replay' is NULL. But in the second if statement, we're not checking if 'replay' is NULL again before calling replay->funcs->replaysetpower_opt().

if (replay == NULL && force_static) return false;

...

if (link->replaysettings.replayfeatureenabled && replay->funcs->replaysetpoweropt) { replay->funcs->replaysetpoweropt(replay, *poweropts, panelinst); link->replaysettings.replaypoweroptactive = *poweropts; }

If 'replay' is NULL, this will cause a null pointer dereference.

Fixes the below found by smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/link/protocols/linkedppanelcontrol.c:895 edpsetreplayallow_active() error: we previously assumed 'replay' could be null (see line 887)

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

c7ddc0a800bc9f681a18c3bdd9f06b61adfabc11

Fixed

f610c46771ef1047e46d61807aa7c69cd29e63d8

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

c7ddc0a800bc9f681a18c3bdd9f06b61adfabc11

Fixed

e7cadd5d3a8ffe334d0229ba9eda4290138d56e7

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

c7ddc0a800bc9f681a18c3bdd9f06b61adfabc11

Fixed

d0e94f4807ff0df66cf447d6b4bbb8ac830e99c3

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

c7ddc0a800bc9f681a18c3bdd9f06b61adfabc11

Fixed

f6aed043ee5d75b3d1bfc452b1a9584b63c8f76b

Affected versions

v6.*

v6.5

v6.5-rc3

v6.5-rc4

v6.5-rc5

v6.5-rc6

v6.5-rc7

v6.6

v6.6-rc1

v6.6-rc2

v6.6-rc3

v6.6-rc4

v6.6-rc5

v6.6-rc6

v6.6-rc7

v6.6.1

v6.6.10

v6.6.11

v6.6.12

v6.6.13

v6.6.14

v6.6.15

v6.6.16

v6.6.17

v6.6.18

v6.6.19

v6.6.2

v6.6.20

v6.6.21

v6.6.22

v6.6.3

v6.6.4

v6.6.5

v6.6.6

v6.6.7

v6.6.8

v6.6.9

v6.7

v6.7-rc1

v6.7-rc2

v6.7-rc3

v6.7-rc4

v6.7-rc5

v6.7-rc6

v6.7-rc7

v6.7-rc8

v6.7.1

v6.7.10

v6.7.2

v6.7.3

v6.7.4

v6.7.5

v6.7.6

v6.7.7

v6.7.8

v6.7.9

v6.8

v6.8-rc1

v6.8-rc2

v6.8-rc3

v6.8-rc4

v6.8-rc5

v6.8-rc6

v6.8-rc7

v6.8.1

Database specific

vanir_signatures

[
    {
        "signature_type": "Line",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "drivers/gpu/drm/amd/display/dc/link/protocols/link_edp_panel_control.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f610c46771ef1047e46d61807aa7c69cd29e63d8",
        "digest": {
            "line_hashes": [
                "79120873325904312306235979798142095209",
                "143208364289748842968342241170399040889",
                "257860781515914042957347249594788809880",
                "203212367251652195645332135570115276683"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2024-27040-2d9e25e0"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "drivers/gpu/drm/amd/display/dc/link/protocols/link_edp_panel_control.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e7cadd5d3a8ffe334d0229ba9eda4290138d56e7",
        "digest": {
            "line_hashes": [
                "79120873325904312306235979798142095209",
                "143208364289748842968342241170399040889",
                "257860781515914042957347249594788809880",
                "203212367251652195645332135570115276683"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2024-27040-4115e4ab"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "drivers/gpu/drm/amd/display/dc/link/protocols/link_edp_panel_control.c",
            "function": "edp_set_replay_allow_active"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f610c46771ef1047e46d61807aa7c69cd29e63d8",
        "digest": {
            "length": 909.0,
            "function_hash": "250328450926169030591668149283632055511"
        },
        "id": "CVE-2024-27040-73e77a8c"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "drivers/gpu/drm/amd/display/dc/link/protocols/link_edp_panel_control.c",
            "function": "edp_set_replay_allow_active"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d0e94f4807ff0df66cf447d6b4bbb8ac830e99c3",
        "digest": {
            "length": 909.0,
            "function_hash": "250328450926169030591668149283632055511"
        },
        "id": "CVE-2024-27040-8fe48163"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "drivers/gpu/drm/amd/display/dc/link/protocols/link_edp_panel_control.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d0e94f4807ff0df66cf447d6b4bbb8ac830e99c3",
        "digest": {
            "line_hashes": [
                "79120873325904312306235979798142095209",
                "143208364289748842968342241170399040889",
                "257860781515914042957347249594788809880",
                "203212367251652195645332135570115276683"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2024-27040-9b9416cb"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "drivers/gpu/drm/amd/display/dc/link/protocols/link_edp_panel_control.c",
            "function": "edp_set_replay_allow_active"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e7cadd5d3a8ffe334d0229ba9eda4290138d56e7",
        "digest": {
            "length": 909.0,
            "function_hash": "250328450926169030591668149283632055511"
        },
        "id": "CVE-2024-27040-aa1ec187"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "drivers/gpu/drm/amd/display/dc/link/protocols/link_edp_panel_control.c",
            "function": "edp_set_replay_allow_active"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f6aed043ee5d75b3d1bfc452b1a9584b63c8f76b",
        "digest": {
            "length": 909.0,
            "function_hash": "250328450926169030591668149283632055511"
        },
        "id": "CVE-2024-27040-b7dcb806"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "drivers/gpu/drm/amd/display/dc/link/protocols/link_edp_panel_control.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f6aed043ee5d75b3d1bfc452b1a9584b63c8f76b",
        "digest": {
            "line_hashes": [
                "79120873325904312306235979798142095209",
                "143208364289748842968342241170399040889",
                "257860781515914042957347249594788809880",
                "203212367251652195645332135570115276683"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2024-27040-fe668b74"
    }
]

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.6.0

Fixed

6.6.23

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.7.11

Type: ECOSYSTEM
Events: Introduced

6.8.0

Fixed

6.8.2