[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <2025053006-multitask-profanity-3590@gregkh>
Date: Fri, 30 May 2025 16:14:51 +0200
From: Greg KH <gregkh@...uxfoundation.org>
To: Giovanni Gherdovich <giovanni.gherdovich@...e.com>
Cc: cve@...nel.org, linux-kernel@...r.kernel.org,
linux-cve-announce@...r.kernel.org
Subject: Re: CVE-2025-37832: cpufreq: sun50i: prevent out-of-bounds access
On Fri, May 30, 2025 at 03:57:35PM +0200, Giovanni Gherdovich wrote:
> On Thu May 8, 2025 08:39, Greg Kroah-Hartman wrote:
> > A KASAN enabled kernel reports an out-of-bounds access when handling the
> > nvmem cell in the sun50i cpufreq driver:
> > [...]
>
> The invalid data that may be read comes from a ROM in the SoC,
> programmed by the vendor, and is only used to configure CPU frequency
> and voltage in the cpufreq framework.
>
> Even assuming that improper frequency/voltage settings constitute a
> security risk, writing to the ROM in question is at least a privileged
> operation, and may require physical access to the SoC.
Obviously there are systems out there that have this issue, with device
trees that can trigger this issue, this isn't a matter of "malicious ROM
doing bad things" type of issue, it's a "the DT can't express this
properly, so we might have taken data from the hardware and handled it
in the wrong way" type of issue.
> I don't think this qualifies as vulnerability.
I don't see how this is a ROM configuration issue, but rather just a
kernel bug in how the hardware is accessed on different types of systems
where we previously could not handle such accesses correctly.
thanks,
greg k-h
Powered by blists - more mailing lists