From: 18801328227 <1468888505@139.com>
To: Greg KH <gregkh@linuxfoundation.org>,
ChristianKönig <christian.koenig@amd.com>
Cc: cve <cve@kernel.org>,
"srinivasan.shanmugam " <srinivasan.shanmugam@amd.com>,
patches <patches@lists.linux.dev>,
linux-kernel <linux-kernel@vger.kernel.org>,
"alexander.deucher " <alexander.deucher@amd.com>,
"Xinhui.Pan " <Xinhui.Pan@amd.com>, airlied <airlied@gmail.com>,
daniel <daniel@ffwll.ch>, sashal <sashal@kernel.org>,
"guchun.chen " <guchun.chen@amd.com>,
amd-gfx <amd-gfx@lists.freedesktop.org>,
dri-devel <dri-devel@lists.freedesktop.org>
Subject: Re:Re: [PATCH 6.1.y] drm/amdgpu: Fix potential out-of-bounds access in'amdgpu_discovery_reg_base_init()'
Date: Tue, 24 Mar 2026 08:52:01 +0800 (CST) [thread overview]
Message-ID: <2b1469c1e031aed-00001.Richmail.02090755151412502065@139.com> (raw)
In-Reply-To: 2026032335-muster-chump-60f7@gregkh
[-- Attachment #1: Type: text/plain, Size: 2646 bytes --]
Hi Greg & Christian,
Thanks for pointing this out. You are correct! I submitted this patch solely to fix CVE-2024-27042. I am happy to withdraw it. Thanks a lot.
--------------------------------------------------------------------------------
----The following is the content of the forwarded email----
From:Greg KH
To:"ChristianKönig"
Date:2026-03-23 20:37:46
Subject:Re: [PATCH 6.1.y] drm/amdgpu: Fix potential out-of-bounds access in'amdgpu_discovery_reg_base_init()'
On Mon, Mar 23, 2026 at 01:28:24PM +0100, Christian König wrote:
> Hi Greg,
>
> On 3/23/26 11:32, Greg KH wrote:
> > On Mon, Mar 23, 2026 at 10:51:18AM +0100, Christian König wrote:
> >> Hi Li,
> >>
> >> On 3/23/26 08:10, Li hongliang wrote:
> >>> From: Srinivasan Shanmugam
> >>>
> >>> [ Upstream commit cdb637d339572398821204a1142d8d615668f1e9 ]
> >>>
> >>> The issue arises when the array 'adev->vcn.vcn_config' is accessed
> >>> before checking if the index 'adev->vcn.num_vcn_inst' is within the
> >>> bounds of the array.
> >>>
> >>> The fix involves moving the bounds check before the array access. This
> >>> ensures that 'adev->vcn.num_vcn_inst' is within the bounds of the array
> >>> before it is used as an index.
> >>>
> >>> Fixes the below:
> >>> drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c:1289 amdgpu_discovery_reg_base_init() error: testing array offset 'adev->vcn.num_vcn_inst' after use.
> >>
> >> well this patch only fixed a compiler warning and has not much practical value otherwise.
> >>
> >> Why are you sending this for inclusion into the 6.1 kernel?
> >
> > Perhaps because it was assigned to CVE-2024-27042? If this is ONLY a
> > compiler warning fix, and NOT an actual vulnerability fix, please let
> > cve@kernel.org know about that and they will revoke this CVE.
>
> Thanks a lot for pointing that out, adding cve@kernel.org.
>
> As far as I can see the CVE-2024-27042 is not valid or at least not correctly categorized.
>
> It is correct that there is a potential array overrun in amdgpu_discovery_reg_base_init(), but that function is used to parse a VBIOS table from a flash EEPROM located on the HW and not user input.
>
> If an attacker already had the ability to modify that EEPROM he could just overwrite the VBIOS code were parts are directly executed at bootup and/or driver load. So this problem here wouldn't be needed at all.
>
> It is good that this warning is fixed, but as far as I can see there is no reason whatsoever to backport it nor to assign a CVE entry for it.
Now rejected, thanks!
greg k-h
[-- Attachment #2: Type: text/html, Size: 19005 bytes --]
next prev parent reply other threads:[~2026-03-24 9:12 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-23 7:10 [PATCH 6.1.y] drm/amdgpu: Fix potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()' Li hongliang
2026-03-23 9:51 ` Christian König
2026-03-23 10:32 ` Greg KH
2026-03-23 12:28 ` Christian König
2026-03-23 12:37 ` Greg KH
2026-03-24 0:52 ` 18801328227 [this message]
2026-03-24 22:02 ` Claude review: " Claude Code Review Bot
2026-03-24 22:02 ` Claude Code Review Bot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2b1469c1e031aed-00001.Richmail.02090755151412502065@139.com \
--to=1468888505@139.com \
--cc=Xinhui.Pan@amd.com \
--cc=airlied@gmail.com \
--cc=alexander.deucher@amd.com \
--cc=amd-gfx@lists.freedesktop.org \
--cc=christian.koenig@amd.com \
--cc=cve@kernel.org \
--cc=daniel@ffwll.ch \
--cc=dri-devel@lists.freedesktop.org \
--cc=gregkh@linuxfoundation.org \
--cc=guchun.chen@amd.com \
--cc=linux-kernel@vger.kernel.org \
--cc=patches@lists.linux.dev \
--cc=sashal@kernel.org \
--cc=srinivasan.shanmugam@amd.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox