| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024122431-CVE-2024-53161-50f6@gregkh> Date: Tue, 24 Dec 2024 12:29:41 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-53161: EDAC/bluefield: Fix potential integer overflow Description =========== In the Linux kernel, the following vulnerability has been resolved: EDAC/bluefield: Fix potential integer overflow The 64-bit argument for the "get DIMM info" SMC call consists of mem_ctrl_idx left-shifted 16 bits and OR-ed with DIMM index. With mem_ctrl_idx defined as 32-bits wide the left-shift operation truncates the upper 16 bits of information during the calculation of the SMC argument. The mem_ctrl_idx stack variable must be defined as 64-bits wide to prevent any potential integer overflow, i.e. loss of data from upper 16 bits. The Linux kernel CVE team has assigned CVE-2024-53161 to this issue. Affected and fixed versions =========================== Issue introduced in 5.4 with commit 82413e562ea6eadfb6de946dcc6f74af31d64e7f and fixed in 5.4.287 with commit 8cc31cfa36ff37aff399b72faa2ded58110112ae Issue introduced in 5.4 with commit 82413e562ea6eadfb6de946dcc6f74af31d64e7f and fixed in 5.10.231 with commit e0269ea7a628fdeddd65b92fe29c09655dbb80b9 Issue introduced in 5.4 with commit 82413e562ea6eadfb6de946dcc6f74af31d64e7f and fixed in 5.15.174 with commit 4ad7033de109d0fec99086f352f58a3412e378b8 Issue introduced in 5.4 with commit 82413e562ea6eadfb6de946dcc6f74af31d64e7f and fixed in 6.1.120 with commit 578ca89b04680145d41011e7cec8806fefbb59e7 Issue introduced in 5.4 with commit 82413e562ea6eadfb6de946dcc6f74af31d64e7f and fixed in 6.6.64 with commit ac6ebb9edcdb7077e841862c402697c4c48a7c0a Issue introduced in 5.4 with commit 82413e562ea6eadfb6de946dcc6f74af31d64e7f and fixed in 6.11.11 with commit fdb90006184aa84c7b4e09144ed0936d4e1891a7 Issue introduced in 5.4 with commit 82413e562ea6eadfb6de946dcc6f74af31d64e7f and fixed in 6.12.2 with commit 000930193fe5eb79ce5563ee2e9ddb0c6e4e1bb5 Issue introduced in 5.4 with commit 82413e562ea6eadfb6de946dcc6f74af31d64e7f and fixed in 6.13-rc1 with commit 1fe774a93b46bb029b8f6fa9d1f25affa53f06c6 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-53161 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/edac/bluefield_edac.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/8cc31cfa36ff37aff399b72faa2ded58110112ae https://git.kernel.org/stable/c/e0269ea7a628fdeddd65b92fe29c09655dbb80b9 https://git.kernel.org/stable/c/4ad7033de109d0fec99086f352f58a3412e378b8 https://git.kernel.org/stable/c/578ca89b04680145d41011e7cec8806fefbb59e7 https://git.kernel.org/stable/c/ac6ebb9edcdb7077e841862c402697c4c48a7c0a https://git.kernel.org/stable/c/fdb90006184aa84c7b4e09144ed0936d4e1891a7 https://git.kernel.org/stable/c/000930193fe5eb79ce5563ee2e9ddb0c6e4e1bb5 https://git.kernel.org/stable/c/1fe774a93b46bb029b8f6fa9d1f25affa53f06c6
Powered by blists - more mailing lists