From: Greg Kroah-Hartman
Date: Sat, 24 May 2025 16:00:38 +0000 (+0200)
Subject: 5.15-stable patches
X-Git-Tag: v6.12.31~54
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=12f93cbe2648113e28c1b74d4b2bd324e6dcab08;p=thirdparty%2Fkernel%2Fstable-queue.git
5.15-stable patches
added patches:
drm-edid-fixed-the-bug-that-hdr-metadata-was-not-reset.patch
platform-x86-dell-wmi-sysman-avoid-buffer-overflow-in-current_password_store.patch
---
diff --git a/queue-5.15/drm-edid-fixed-the-bug-that-hdr-metadata-was-not-reset.patch b/queue-5.15/drm-edid-fixed-the-bug-that-hdr-metadata-was-not-reset.patch
new file mode 100644
index 0000000000..b3890ecaf9
--- /dev/null
+++ b/queue-5.15/drm-edid-fixed-the-bug-that-hdr-metadata-was-not-reset.patch
@@ -0,0 +1,35 @@
+From 6692dbc15e5ed40a3aa037aced65d7b8826c58cd Mon Sep 17 00:00:00 2001
+From: "feijuan.li"
+Date: Wed, 14 May 2025 14:35:11 +0800
+Subject: drm/edid: fixed the bug that hdr metadata was not reset
+
+From: feijuan.li
+
+commit 6692dbc15e5ed40a3aa037aced65d7b8826c58cd upstream.
+
+When DP connected to a device with HDR capability,
+the hdr structure was filled.Then connected to another
+sink device without hdr capability, but the hdr info
+still exist.
+
+Fixes: e85959d6cbe0 ("drm: Parse HDR metadata info from EDID")
+Cc: # v5.3+
+Signed-off-by: "feijuan.li"
+Reviewed-by: Jani Nikula
+Link: https://lore.kernel.org/r/20250514063511.4151780-1-feijuan.li@samsung.com
+Signed-off-by: Jani Nikula
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/gpu/drm/drm_edid.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/gpu/drm/drm_edid.c
++++ b/drivers/gpu/drm/drm_edid.c
+@@ -5172,6 +5172,7 @@ drm_reset_display_info(struct drm_connec
+ info->has_hdmi_infoframe = false;
+ info->rgb_quant_range_selectable = false;
+ memset(&info->hdmi, 0, sizeof(info->hdmi));
++ memset(&connector->hdr_sink_metadata, 0, sizeof(connector->hdr_sink_metadata));
+
+ info->non_desktop = 0;
+ memset(&info->monitor_range, 0, sizeof(info->monitor_range));
diff --git a/queue-5.15/platform-x86-dell-wmi-sysman-avoid-buffer-overflow-in-current_password_store.patch b/queue-5.15/platform-x86-dell-wmi-sysman-avoid-buffer-overflow-in-current_password_store.patch
new file mode 100644
index 0000000000..e5ab806791
--- /dev/null
+++ b/queue-5.15/platform-x86-dell-wmi-sysman-avoid-buffer-overflow-in-current_password_store.patch
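Review bot: The added `memset(&connector->hdr_sink_metadata, 0, sizeof(connector->hdr_sink_metadata));` is the only line in this run that clears a field of `connector` rather than `info`, and nothing in the code says why it belongs in drm_reset_display_info(). A short comment above it, such as `/* HDR metadata is parsed from the sink's EDID; clear it so a non-HDR sink does not inherit the previous sink's values */`, would record the reason next to the reset. The function starts and ends outside this hunk, so whether other EDID-derived connector fields need the same reset cannot be judged from these lines.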
@@ -0,0 +1,42 @@
+From 4e89a4077490f52cde652d17e32519b666abf3a6 Mon Sep 17 00:00:00 2001
+From: Vladimir Moskovkin
+Date: Wed, 14 May 2025 12:12:55 +0000
+Subject: platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Vladimir Moskovkin
+
+commit 4e89a4077490f52cde652d17e32519b666abf3a6 upstream.
+
+If the 'buf' array received from the user contains an empty string, the
+'length' variable will be zero. Accessing the 'buf' array element with
+index 'length - 1' will result in a buffer overflow.
+
+Add a check for an empty string.
+
+Found by Linux Verification Center (linuxtesting.org) with SVACE.
+
+Fixes: e8a60aa7404b ("platform/x86: Introduce support for Systems Management Driver over WMI for Dell Systems")
+Cc: stable@vger.kernel.org
+Signed-off-by: Vladimir Moskovkin
+Link: https://lore.kernel.org/r/39973642a4f24295b4a8fad9109c5b08@kaspersky.com
+Reviewed-by: Ilpo Järvinen
+Signed-off-by: Ilpo Järvinen
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/platform/x86/dell/dell-wmi-sysman/passobj-attributes.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/platform/x86/dell/dell-wmi-sysman/passobj-attributes.c
++++ b/drivers/platform/x86/dell/dell-wmi-sysman/passobj-attributes.c
+@@ -45,7 +45,7 @@ static ssize_t current_password_store(st
+ int length;
+
+ length = strlen(buf);
+- if (buf[length-1] == '\n')
++ if (length && buf[length - 1] == '\n')
+ length--;
+
+ /* firmware does verifiation of min/max password length,
diff --git a/queue-5.15/series b/queue-5.15/series
index a7dece521f..7498d9e920 100644
--- a/queue-5.15/series
+++ b/queue-5.15/series
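Review bot: `length` is still an `int` that receives the `size_t` result of `strlen(buf)`, so the trim depends on a signed value that the old code could drive to -1 when the byte before `buf` happened to be a newline; declaring it as `size_t length = strlen(buf);` would make the type match its source. The new guard `if (length && buf[length - 1] == '\n')` also deserves a one-line comment, for example `/* empty write: length == 0, buf[length - 1] would read before buf */`, so the check is not dropped in a later cleanup. current_password_store() begins and ends outside this hunk, so how `length` is used after the trim is not visible here; the driver's other sysfs store handlers may be worth checking for the same trailing-newline pattern.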
@@ -176,3 +176,5 @@ can-bcm-add-missing-rcu-read-protection-for-procfs-content.patch
 alsa-pcm-fix-race-of-buffer-access-at-pcm-oss-layer.patch
 alsa-hda-realtek-add-quirk-for-lenovo-yoga-pro-7-14asp10.patch
 llc-fix-data-loss-when-reading-from-a-socket-in-llc_ui_recvmsg.patch
+platform-x86-dell-wmi-sysman-avoid-buffer-overflow-in-current_password_store.patch
+drm-edid-fixed-the-bug-that-hdr-metadata-was-not-reset.patch