CVE-2024-38592

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 19/06/2024
Last modified: 17/09/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/mediatek: Init `ddp_comp` with devm_kcalloc()

In the case where `conn_routes` is true we allocate an extra slot in the `ddp_comp` array but mtk_drm_crtc_create() never seemed to initialize it in the test case I ran. For me, this caused a later crash when we looped through the array in mtk_drm_crtc_mode_valid(). This showed up for me when I booted with `slub_debug=FZPUA` which poisons the memory initially. Without `slub_debug` I couldn't reproduce, presumably because the later code handles the value being NULL and in most cases (not guaranteed in all cases) the memory the allocator returned started out as 0.

It really doesn't hurt to initialize the array with devm_kcalloc() since the array is small and the overhead of initting a handful of elements to 0 is small. In general initting memory to zero is a safer practice and usually it's suggested to only use the non-initting alloc functions if you really need to.

Let's switch the function to use an allocation function that zeros the memory. For me, this avoids the crash.
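The failure mode described above, modeled in userspace C as an added example (it is not the kernel patch or the driver's code): a pointer array with one never-assigned extra slot is harmless to a NULL-checking loop only when the allocator zeroes it. All names are hypothetical, and the 0x6b fill byte is an assumption standing in for the poisoning that `slub_debug` applies.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Userspace model, not kernel code; all names here are hypothetical. */
struct comp { int id; };
#define POISON 0x6b /* assumed fill byte, approximates slub_debug poisoning */

/* Stand-in for a non-zeroing allocator whose memory starts out poisoned. */
static void *alloc_poisoned(size_t n, size_t size)
{
    void *p = malloc(n * size);
    if (p)
        memset(p, POISON, n * size);
    return p;
}

/* path_len real slots plus one extra slot that is never assigned. */
static struct comp **build_array(struct comp *pool, size_t path_len, int zeroing)
{
    size_t total = path_len + 1;
    struct comp **arr = zeroing ? calloc(total, sizeof(*arr))
                                : alloc_poisoned(total, sizeof(*arr));
    for (size_t i = 0; arr && i < path_len; i++)
        arr[i] = &pool[i];
    return arr;
}

/* A later loop skips NULL and dereferences the rest: count unassigned hits. */
static size_t stale_derefs(struct comp **arr, size_t path_len, size_t total)
{
    size_t bad = 0;
    for (size_t i = path_len; i < total; i++)
        bad += (arr[i] != NULL);
    return bad;
}

static size_t run_case(int zeroing)
{
    struct comp pool[3] = { {0}, {1}, {2} };
    struct comp **arr = build_array(pool, 3, zeroing);
    size_t bad = arr ? stale_derefs(arr, 3, 4) : 0;
    free(arr);
    return bad;
}

int main(void)
{
    printf("stale slots: non-zeroing=%zu zeroing=%zu\n", run_case(0), run_case(1));
    return 0;
}
```
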

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.8.12 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.9 (including) 6.9.3 (excluding)