lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025030611-CVE-2024-58068-24c2@gregkh> Date: Thu, 6 Mar 2025 16:54:21 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-58068: OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized Description =========== In the Linux kernel, the following vulnerability has been resolved: OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized If a driver calls dev_pm_opp_find_bw_ceil/floor() the retrieve bandwidth from the OPP table but the bandwidth table was not created because the interconnect properties were missing in the OPP consumer node, the kernel will crash with: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000004 ... pc : _read_bw+0x8/0x10 lr : _opp_table_find_key+0x9c/0x174 ... Call trace: _read_bw+0x8/0x10 (P) _opp_table_find_key+0x9c/0x174 (L) _find_key+0x98/0x168 dev_pm_opp_find_bw_ceil+0x50/0x88 ... In order to fix the crash, create an assert function to check if the bandwidth table was created before trying to get a bandwidth with _read_bw(). The Linux kernel CVE team has assigned CVE-2024-58068 to this issue. Affected and fixed versions =========================== Issue introduced in 6.0 with commit add1dc094a7456d3c56782b7478940b6a550c7ed and fixed in 6.1.129 with commit 8532fd078d2a5286915d03bb0a0893ee1955acef Issue introduced in 6.0 with commit add1dc094a7456d3c56782b7478940b6a550c7ed and fixed in 6.6.76 with commit 84ff05c9bd577157baed711a4f0b41206593978b Issue introduced in 6.0 with commit add1dc094a7456d3c56782b7478940b6a550c7ed and fixed in 6.12.13 with commit ff2def251849133be6076a7c2d427d8eb963c223 Issue introduced in 6.0 with commit add1dc094a7456d3c56782b7478940b6a550c7ed and fixed in 6.13.2 with commit 5165486681dbd67b61b975c63125f2a5cb7f96d1 Issue introduced in 6.0 with commit add1dc094a7456d3c56782b7478940b6a550c7ed and fixed in 6.14-rc1 with commit b44b9bc7cab2967c3d6a791b1cd542c89fc07f0e Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-58068 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/opp/core.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/8532fd078d2a5286915d03bb0a0893ee1955acef https://git.kernel.org/stable/c/84ff05c9bd577157baed711a4f0b41206593978b https://git.kernel.org/stable/c/ff2def251849133be6076a7c2d427d8eb963c223 https://git.kernel.org/stable/c/5165486681dbd67b61b975c63125f2a5cb7f96d1 https://git.kernel.org/stable/c/b44b9bc7cab2967c3d6a791b1cd542c89fc07f0e
Powered by blists - more mailing lists