lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <2024111932-CVE-2024-53063-1ffa@gregkh>
Date: Tue, 19 Nov 2024 18:22:34 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2024-53063: media: dvbdev: prevent the risk of out of memory access

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

media: dvbdev: prevent the risk of out of memory access

The dvbdev contains a static variable used to store dvb minors.

The behavior of it depends if CONFIG_DVB_DYNAMIC_MINORS is set
or not. When not set, dvb_register_device() won't check for
boundaries, as it will rely that a previous call to
dvb_register_adapter() would already be enforcing it.

On a similar way, dvb_device_open() uses the assumption
that the register functions already did the needed checks.

This can be fragile if some device ends using different
calls. This also generate warnings on static check analysers
like Coverity.

So, add explicit guards to prevent potential risk of OOM issues.

The Linux kernel CVE team has assigned CVE-2024-53063 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 2.6.29 with commit 5dd3f3071070 and fixed in 4.19.324 with commit fedfde9deb83
	Issue introduced in 2.6.29 with commit 5dd3f3071070 and fixed in 5.4.286 with commit 3b88675e18b6
	Issue introduced in 2.6.29 with commit 5dd3f3071070 and fixed in 5.10.230 with commit a4a17210c03a
	Issue introduced in 2.6.29 with commit 5dd3f3071070 and fixed in 5.15.172 with commit 5f76f7df1486
	Issue introduced in 2.6.29 with commit 5dd3f3071070 and fixed in 6.1.117 with commit b751a9602527
	Issue introduced in 2.6.29 with commit 5dd3f3071070 and fixed in 6.6.61 with commit 1e461672616b
	Issue introduced in 2.6.29 with commit 5dd3f3071070 and fixed in 6.11.8 with commit 9c17085fabbd
	Issue introduced in 2.6.29 with commit 5dd3f3071070 and fixed in 6.12 with commit 972e63e895ab

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-53063
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	drivers/media/dvb-core/dvbdev.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/fedfde9deb83ac8d2f3d5f36f111023df34b1684
	https://git.kernel.org/stable/c/3b88675e18b6517043a6f734eaa8ea6eb3bfa140
	https://git.kernel.org/stable/c/a4a17210c03ade1c8d9a9f193a105654b7a05c11
	https://git.kernel.org/stable/c/5f76f7df14861e3a560898fa41979ec92424b58f
	https://git.kernel.org/stable/c/b751a96025275c17f04083cbfe856822f1658946
	https://git.kernel.org/stable/c/1e461672616b726f29261ee81bb991528818537c
	https://git.kernel.org/stable/c/9c17085fabbde2041c893d29599800f2d4992b23
	https://git.kernel.org/stable/c/972e63e895abbe8aa1ccbdbb4e6362abda7cd457

Powered by blists - more mailing lists