5.15-stable patches

added patches:
	drm-edid-fixed-the-bug-that-hdr-metadata-was-not-reset.patch
	platform-x86-dell-wmi-sysman-avoid-buffer-overflow-in-current_password_store.patch

diff --git a/queue-5.15/drm-edid-fixed-the-bug-that-hdr-metadata-was-not-reset.patch b/queue-5.15/drm-edid-fixed-the-bug-that-hdr-metadata-was-not-reset.patch
new file mode 100644 (file)
index 0000000..b3890ec
--- /dev/null
+++ b/queue-5.15/drm-edid-fixed-the-bug-that-hdr-metadata-was-not-reset.patch
@@ -0,0 +1,35 @@
+From 6692dbc15e5ed40a3aa037aced65d7b8826c58cd Mon Sep 17 00:00:00 2001
+From: "feijuan.li" <feijuan.li@samsung.com>
+Date: Wed, 14 May 2025 14:35:11 +0800
+Subject: drm/edid: fixed the bug that hdr metadata was not reset
+
+From: feijuan.li <feijuan.li@samsung.com>
+
+commit 6692dbc15e5ed40a3aa037aced65d7b8826c58cd upstream.
+
+When DP connected to a device with HDR capability,
+the hdr structure was filled.Then connected to another
+sink device without hdr capability, but the hdr info
+still exist.
+
+Fixes: e85959d6cbe0 ("drm: Parse HDR metadata info from EDID")
+Cc: <stable@vger.kernel.org> # v5.3+
+Signed-off-by: "feijuan.li" <feijuan.li@samsung.com>
+Reviewed-by: Jani Nikula <jani.nikula@intel.com>
+Link: https://lore.kernel.org/r/20250514063511.4151780-1-feijuan.li@samsung.com
+Signed-off-by: Jani Nikula <jani.nikula@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/drm_edid.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/gpu/drm/drm_edid.c
++++ b/drivers/gpu/drm/drm_edid.c
+@@ -5172,6 +5172,7 @@ drm_reset_display_info(struct drm_connec
+       info->has_hdmi_infoframe = false;
+       info->rgb_quant_range_selectable = false;
+       memset(&info->hdmi, 0, sizeof(info->hdmi));
++      memset(&connector->hdr_sink_metadata, 0, sizeof(connector->hdr_sink_metadata));
+ 
+       info->non_desktop = 0;
+       memset(&info->monitor_range, 0, sizeof(info->monitor_range));

diff --git a/queue-5.15/platform-x86-dell-wmi-sysman-avoid-buffer-overflow-in-current_password_store.patch b/queue-5.15/platform-x86-dell-wmi-sysman-avoid-buffer-overflow-in-current_password_store.patch
new file mode 100644 (file)
index 0000000..e5ab806
--- /dev/null
+++ b/queue-5.15/platform-x86-dell-wmi-sysman-avoid-buffer-overflow-in-current_password_store.patch
@@ -0,0 +1,42 @@
+From 4e89a4077490f52cde652d17e32519b666abf3a6 Mon Sep 17 00:00:00 2001
+From: Vladimir Moskovkin <Vladimir.Moskovkin@kaspersky.com>
+Date: Wed, 14 May 2025 12:12:55 +0000
+Subject: platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Vladimir Moskovkin <Vladimir.Moskovkin@kaspersky.com>
+
+commit 4e89a4077490f52cde652d17e32519b666abf3a6 upstream.
+
+If the 'buf' array received from the user contains an empty string, the
+'length' variable will be zero. Accessing the 'buf' array element with
+index 'length - 1' will result in a buffer overflow.
+
+Add a check for an empty string.
+
+Found by Linux Verification Center (linuxtesting.org) with SVACE.
+
+Fixes: e8a60aa7404b ("platform/x86: Introduce support for Systems Management Driver over WMI for Dell Systems")
+Cc: stable@vger.kernel.org
+Signed-off-by: Vladimir Moskovkin <Vladimir.Moskovkin@kaspersky.com>
+Link: https://lore.kernel.org/r/39973642a4f24295b4a8fad9109c5b08@kaspersky.com
+Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
+Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/platform/x86/dell/dell-wmi-sysman/passobj-attributes.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/platform/x86/dell/dell-wmi-sysman/passobj-attributes.c
++++ b/drivers/platform/x86/dell/dell-wmi-sysman/passobj-attributes.c
+@@ -45,7 +45,7 @@ static ssize_t current_password_store(st
+       int length;
+ 
+       length = strlen(buf);
+-      if (buf[length-1] == '\n')
++      if (length && buf[length - 1] == '\n')
+               length--;
+ 
+       /* firmware does verifiation of min/max password length,

diff --git a/queue-5.15/series b/queue-5.15/series
index a7dece521f0361ac9d46ee084f5515fe69333d3b..7498d9e9203fb872c60995f57f9311e35dc69194 100644 (file)
--- a/queue-5.15/series
+++ b/queue-5.15/series
@@ -176,3 +176,5 @@ can-bcm-add-missing-rcu-read-protection-for-procfs-content.patch
 alsa-pcm-fix-race-of-buffer-access-at-pcm-oss-layer.patch
 alsa-hda-realtek-add-quirk-for-lenovo-yoga-pro-7-14asp10.patch
 llc-fix-data-loss-when-reading-from-a-socket-in-llc_ui_recvmsg.patch
+platform-x86-dell-wmi-sysman-avoid-buffer-overflow-in-current_password_store.patch
+drm-edid-fixed-the-bug-that-hdr-metadata-was-not-reset.patch