| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025123055-CVE-2023-54255-9509@gregkh> Date: Tue, 30 Dec 2025 13:20:21 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-54255: sh: dma: Fix DMA channel offset calculation From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: sh: dma: Fix DMA channel offset calculation Various SoCs of the SH3, SH4 and SH4A family, which use this driver, feature a differing number of DMA channels, which can be distributed between up to two DMAC modules. The existing implementation fails to correctly accommodate for all those variations, resulting in wrong channel offset calculations and leading to kernel panics. Rewrite dma_base_addr() in order to properly calculate channel offsets in a DMAC module. Fix dmaor_read_reg() and dmaor_write_reg(), so that the correct DMAC module base is selected for the DMAOR register. The Linux kernel CVE team has assigned CVE-2023-54255 to this issue. Affected and fixed versions =========================== Issue introduced in 3.5 with commit 7f47c7189b3e8f19a589f77a3ad169d7b691b582 and fixed in 4.14.322 with commit bca700b48c72f4ffeee977a2ed0eb4a6b4b7b8ad Issue introduced in 3.5 with commit 7f47c7189b3e8f19a589f77a3ad169d7b691b582 and fixed in 4.19.291 with commit 479380acfa63247b5ac62476138f847aefc62692 Issue introduced in 3.5 with commit 7f47c7189b3e8f19a589f77a3ad169d7b691b582 and fixed in 5.4.251 with commit 4989627157735c1f1619f08e5bc1592418e7c878 Issue introduced in 3.5 with commit 7f47c7189b3e8f19a589f77a3ad169d7b691b582 and fixed in 5.10.188 with commit d1c946552af299f4fa85bf7da15e328123771128 Issue introduced in 3.5 with commit 7f47c7189b3e8f19a589f77a3ad169d7b691b582 and fixed in 5.15.121 with commit 196f6c71905aa384c0177acf194a1144d480333b Issue introduced in 3.5 with commit 7f47c7189b3e8f19a589f77a3ad169d7b691b582 and fixed in 6.1.39 with commit 8fb11fa4805699c6b73a9c8a9d45807f9874abe3 Issue introduced in 3.5 with commit 7f47c7189b3e8f19a589f77a3ad169d7b691b582 and fixed in 6.4.4 with commit e9e33faea104381bac80ac79328f0540fc2969f2 Issue introduced in 3.5 with commit 7f47c7189b3e8f19a589f77a3ad169d7b691b582 and fixed in 6.5 with commit e82e47584847129a20b8c9f4a1dcde09374fb0e0 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-54255 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: arch/sh/drivers/dma/dma-sh.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/bca700b48c72f4ffeee977a2ed0eb4a6b4b7b8ad https://git.kernel.org/stable/c/479380acfa63247b5ac62476138f847aefc62692 https://git.kernel.org/stable/c/4989627157735c1f1619f08e5bc1592418e7c878 https://git.kernel.org/stable/c/d1c946552af299f4fa85bf7da15e328123771128 https://git.kernel.org/stable/c/196f6c71905aa384c0177acf194a1144d480333b https://git.kernel.org/stable/c/8fb11fa4805699c6b73a9c8a9d45807f9874abe3 https://git.kernel.org/stable/c/e9e33faea104381bac80ac79328f0540fc2969f2 https://git.kernel.org/stable/c/e82e47584847129a20b8c9f4a1dcde09374fb0e0
Powered by blists - more mailing lists