[<prev] [next>] [day] [month] [year] [list]
Message-ID: <2024062513-CVE-2024-39462-f5ec@gregkh>
Date: Tue, 25 Jun 2024 16:25:14 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2024-39462: clk: bcm: dvp: Assign ->num before accessing ->hws
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
clk: bcm: dvp: Assign ->num before accessing ->hws
Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with
__counted_by") annotated the hws member of 'struct clk_hw_onecell_data'
with __counted_by, which informs the bounds sanitizer about the number
of elements in hws, so that it can warn when hws is accessed out of
bounds. As noted in that change, the __counted_by member must be
initialized with the number of elements before the first array access
happens, otherwise there will be a warning from each access prior to the
initialization because the number of elements is zero. This occurs in
clk_dvp_probe() due to ->num being assigned after ->hws has been
accessed:
UBSAN: array-index-out-of-bounds in drivers/clk/bcm/clk-bcm2711-dvp.c:59:2
index 0 is out of range for type 'struct clk_hw *[] __counted_by(num)' (aka 'struct clk_hw *[]')
Move the ->num initialization to before the first access of ->hws, which
clears up the warning.
The Linux kernel CVE team has assigned CVE-2024-39462 to this issue.
Affected and fixed versions
===========================
Issue introduced in 6.6 with commit f316cdff8d67 and fixed in 6.6.34 with commit 0dc913217fb7
Issue introduced in 6.6 with commit f316cdff8d67 and fixed in 6.9.5 with commit a1dd92fca0d6
Issue introduced in 6.6 with commit f316cdff8d67 and fixed in 6.10-rc1 with commit 9368cdf90f52
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2024-39462
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
drivers/clk/bcm/clk-bcm2711-dvp.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/0dc913217fb79096597005bba9ba738e2db5cd02
https://git.kernel.org/stable/c/a1dd92fca0d6b58b55ed0484f75d4205dbb77010
https://git.kernel.org/stable/c/9368cdf90f52a68120d039887ccff74ff33b4444
Powered by blists - more mailing lists