lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024111932-CVE-2024-53063-1ffa@gregkh> Date: Tue, 19 Nov 2024 18:22:34 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-53063: media: dvbdev: prevent the risk of out of memory access Description =========== In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: prevent the risk of out of memory access The dvbdev contains a static variable used to store dvb minors. The behavior of it depends if CONFIG_DVB_DYNAMIC_MINORS is set or not. When not set, dvb_register_device() won't check for boundaries, as it will rely that a previous call to dvb_register_adapter() would already be enforcing it. On a similar way, dvb_device_open() uses the assumption that the register functions already did the needed checks. This can be fragile if some device ends using different calls. This also generate warnings on static check analysers like Coverity. So, add explicit guards to prevent potential risk of OOM issues. The Linux kernel CVE team has assigned CVE-2024-53063 to this issue. Affected and fixed versions =========================== Issue introduced in 2.6.29 with commit 5dd3f3071070 and fixed in 4.19.324 with commit fedfde9deb83 Issue introduced in 2.6.29 with commit 5dd3f3071070 and fixed in 5.4.286 with commit 3b88675e18b6 Issue introduced in 2.6.29 with commit 5dd3f3071070 and fixed in 5.10.230 with commit a4a17210c03a Issue introduced in 2.6.29 with commit 5dd3f3071070 and fixed in 5.15.172 with commit 5f76f7df1486 Issue introduced in 2.6.29 with commit 5dd3f3071070 and fixed in 6.1.117 with commit b751a9602527 Issue introduced in 2.6.29 with commit 5dd3f3071070 and fixed in 6.6.61 with commit 1e461672616b Issue introduced in 2.6.29 with commit 5dd3f3071070 and fixed in 6.11.8 with commit 9c17085fabbd Issue introduced in 2.6.29 with commit 5dd3f3071070 and fixed in 6.12 with commit 972e63e895ab Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-53063 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/media/dvb-core/dvbdev.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/fedfde9deb83ac8d2f3d5f36f111023df34b1684 https://git.kernel.org/stable/c/3b88675e18b6517043a6f734eaa8ea6eb3bfa140 https://git.kernel.org/stable/c/a4a17210c03ade1c8d9a9f193a105654b7a05c11 https://git.kernel.org/stable/c/5f76f7df14861e3a560898fa41979ec92424b58f https://git.kernel.org/stable/c/b751a96025275c17f04083cbfe856822f1658946 https://git.kernel.org/stable/c/1e461672616b726f29261ee81bb991528818537c https://git.kernel.org/stable/c/9c17085fabbde2041c893d29599800f2d4992b23 https://git.kernel.org/stable/c/972e63e895abbe8aa1ccbdbb4e6362abda7cd457
Powered by blists - more mailing lists