| The Linux kernel contains a vulnerability in the `cpufreq_cooling` driver, specifically in the `cpu_power_to_freq()` function. This function is used to convert power values to frequency values using an Operating Performance Point (OPP) table. If the power value is limited below the power of OPP0 in the EM table, it can cause a slab out-of-bounds (OOB) issue with a negative array index. |
| |
| The OOB issue occurs because the `cpu_power_to_freq()` function does not properly handle cases where the power value is lower than the minimum power specified in the OPP table. This can lead to an invalid memory access, causing a kernel crash or potentially allowing an attacker to exploit the vulnerability. |
| |
| To fix this issue, the kernel has been updated to return the lowest frequency if a suitable OPP cannot be found in the EM table for the limited power value. This ensures that the `cpu_power_to_freq()` function always returns a valid frequency value and prevents the slab OOB issue. |
| |
| The vulnerability was introduced in Linux kernel version 5.8 and was fixed in versions 5.10.36, 5.11.20, 5.12.3, and 5.13. It also affects kernel versions 4.14.189, 4.19.134, 5.4.53, and 5.7.8. The affected file is `drivers/thermal/cpufreq_cooling.c`. |
| |
