On Fri, Aug 01, 2025 at 12:04:54PM +0000, Hao, Qingfeng wrote:
Hi Greg,

Thanks for your check and comments. Sorry that I mistakenly changed the files of .dyad and .json. I'll pay attention next time.

The original fix 66951d98d9bf ("drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()'") or fb5a3d037082 for CVE-2024-26661 didn't fix the CVE (or even made it worse) because the key change is to check if “tg” is NULL before referencing it, but the fix does NOT do that correctly:
	if (!abm && !tg && !panel_cntl)
		return;
Here "&&" should have been "||". The follow-up commit 17ba9cde11c2 fixes this by:
if (!abm && !tg && !panel_cntl)
if (!abm || !tg || !panel_cntl) return;
So we consider that 66951d98d9bf is not a complete fix. It actually made things worse. 66951d98d9bf and 17ba9cde11c2 together fix CVE-2024-26661. The same problem happened to CVE-2024-26662.

If you agree with the above analysis, should I append 17ba9cde11c2bfebbd70867b0a2ac4a22e573379 to CVE-2024-26661.sha1?

I think that the original CVE should just be rejected and a new one added for the other sha1 you have pointed out that actually fixes the issue because the first one does not do anything. Is that ok?
thanks,
greg k-h
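
The difference between the two guards quoted in this thread, as an added example (not code from the kernel or from either participant): it enumerates every NULL/non-NULL combination of the three pointers and counts the cases where the guard does not return early although `tg` is NULL. The struct definitions and the function names `guard_and`, `guard_or` and `null_tg_reaches_body` are hypothetical stand-ins.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for the three pointers checked in the thread. */
struct abm { int id; };
struct timing_generator { int inst; };
struct panel_cntl { int inst; };

typedef bool (*guard_fn)(const struct abm *, const struct timing_generator *,
                         const struct panel_cntl *);

/* Condition quoted for 66951d98d9bf: true only when ALL three are NULL. */
static bool guard_and(const struct abm *abm, const struct timing_generator *tg,
                      const struct panel_cntl *pc)
{
    return !abm && !tg && !pc;
}

/* Condition quoted for 17ba9cde11c2: true when ANY of the three is NULL. */
static bool guard_or(const struct abm *abm, const struct timing_generator *tg,
                     const struct panel_cntl *pc)
{
    return !abm || !tg || !pc;
}

/* Count the combinations in which the guard does not bail out although tg
 * is NULL, i.e. the function body would go on to dereference tg. */
static int null_tg_reaches_body(guard_fn bails_out)
{
    static const struct abm a = { 1 };
    static const struct timing_generator t = { 2 };
    static const struct panel_cntl p = { 3 };
    int reached = 0;
    for (unsigned mask = 0; mask < 8; mask++) {
        const struct abm *abm = (mask & 1) ? &a : NULL;
        const struct timing_generator *tg = (mask & 2) ? &t : NULL;
        const struct panel_cntl *pc = (mask & 4) ? &p : NULL;
        if (!bails_out(abm, tg, pc) && tg == NULL)
            reached++;
    }
    return reached;
}

int main(void)
{
    printf("&& guard: %d unguarded NULL tg cases\n", null_tg_reaches_body(guard_and));
    printf("|| guard: %d unguarded NULL tg cases\n", null_tg_reaches_body(guard_or));
    return 0;
}
```

Of the four combinations with a NULL `tg`, the `&&` condition stops only the one where `abm` and `panel_cntl` are NULL as well; the `||` condition stops all four.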