cve/published/2020/CVE-2020-36776.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2020-36776: thermal/drivers/cpufreq_cooling: Fix slab OOB issue

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 thermal/drivers/cpufreq_cooling: Fix slab OOB issue

 Slab OOB issue is scanned by KASAN in cpu_power_to_freq().
 If power is limited below the power of OPP0 in EM table,
 it will cause slab out-of-bound issue with negative array
 index.

 Return the lowest frequency if limited power cannot found
 a suitable OPP in EM table to fix this issue.

 Backtrace:
 [<ffffffd02d2a37f0>] die+0x104/0x5ac
 [<ffffffd02d2a5630>] bug_handler+0x64/0xd0
 [<ffffffd02d288ce4>] brk_handler+0x160/0x258
 [<ffffffd02d281e5c>] do_debug_exception+0x248/0x3f0
 [<ffffffd02d284488>] el1_dbg+0x14/0xbc
 [<ffffffd02d75d1d4>] __kasan_report+0x1dc/0x1e0
 [<ffffffd02d75c2e0>] kasan_report+0x10/0x20
 [<ffffffd02d75def8>] __asan_report_load8_noabort+0x18/0x28
 [<ffffffd02e6fce5c>] cpufreq_power2state+0x180/0x43c
 [<ffffffd02e6ead80>] power_actor_set_power+0x114/0x1d4
 [<ffffffd02e6fac24>] allocate_power+0xaec/0xde0
 [<ffffffd02e6f9f80>] power_allocator_throttle+0x3ec/0x5a4
 [<ffffffd02e6ea888>] handle_thermal_trip+0x160/0x294
 [<ffffffd02e6edd08>] thermal_zone_device_check+0xe4/0x154
 [<ffffffd02d351cb4>] process_one_work+0x5e4/0xe28
 [<ffffffd02d352f44>] worker_thread+0xa4c/0xfac
 [<ffffffd02d360124>] kthread+0x33c/0x358
 [<ffffffd02d289940>] ret_from_fork+0xc/0x18

 The Linux kernel CVE team has assigned CVE-2020-36776 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 5.8 with commit 371a3bc79c11b707d7a1b7a2c938dc3cc042fffb and fixed in 5.10.36 with commit c24a20912eef00587416628149c438e885eb1304
 	Issue introduced in 5.8 with commit 371a3bc79c11b707d7a1b7a2c938dc3cc042fffb and fixed in 5.11.20 with commit 876a5f33e5d961d879c5436987c09b3d9ef70379
 	Issue introduced in 5.8 with commit 371a3bc79c11b707d7a1b7a2c938dc3cc042fffb and fixed in 5.12.3 with commit 6bf443acf6ca4f666d0e4225614ba9993a3aa1a9
 	Issue introduced in 5.8 with commit 371a3bc79c11b707d7a1b7a2c938dc3cc042fffb and fixed in 5.13 with commit 34ab17cc6c2c1ac93d7e5d53bb972df9a968f085
 	Issue introduced in 4.14.189 with commit 39e0651cac9c80865b2838f297f95ffc0f34a1d8
 	Issue introduced in 4.19.134 with commit febe56f21371ba1e51e8586c3ddf8f54fc62fe61
 	Issue introduced in 5.4.53 with commit d3b7bacd1115400b94482dfc7efffc175c29b831
 	Issue introduced in 5.7.8 with commit 9006b543384ab10902819364c1205f11a1458571

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2020-36776
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/thermal/cpufreq_cooling.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/c24a20912eef00587416628149c438e885eb1304
 	https://git.kernel.org/stable/c/876a5f33e5d961d879c5436987c09b3d9ef70379
 	https://git.kernel.org/stable/c/6bf443acf6ca4f666d0e4225614ba9993a3aa1a9
 	https://git.kernel.org/stable/c/34ab17cc6c2c1ac93d7e5d53bb972df9a968f085
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2020-36776: thermal/drivers/cpufreq_cooling: Fix slab OOB issue

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	thermal/drivers/cpufreq_cooling: Fix slab OOB issue

	Slab OOB issue is scanned by KASAN in cpu_power_to_freq().
	If power is limited below the power of OPP0 in EM table,
	it will cause slab out-of-bound issue with negative array
	index.

	Return the lowest frequency if limited power cannot found
	a suitable OPP in EM table to fix this issue.

	Backtrace:
	[<ffffffd02d2a37f0>] die+0x104/0x5ac
	[<ffffffd02d2a5630>] bug_handler+0x64/0xd0
	[<ffffffd02d288ce4>] brk_handler+0x160/0x258
	[<ffffffd02d281e5c>] do_debug_exception+0x248/0x3f0
	[<ffffffd02d284488>] el1_dbg+0x14/0xbc
	[<ffffffd02d75d1d4>] __kasan_report+0x1dc/0x1e0
	[<ffffffd02d75c2e0>] kasan_report+0x10/0x20
	[<ffffffd02d75def8>] __asan_report_load8_noabort+0x18/0x28
	[<ffffffd02e6fce5c>] cpufreq_power2state+0x180/0x43c
	[<ffffffd02e6ead80>] power_actor_set_power+0x114/0x1d4
	[<ffffffd02e6fac24>] allocate_power+0xaec/0xde0
	[<ffffffd02e6f9f80>] power_allocator_throttle+0x3ec/0x5a4
	[<ffffffd02e6ea888>] handle_thermal_trip+0x160/0x294
	[<ffffffd02e6edd08>] thermal_zone_device_check+0xe4/0x154
	[<ffffffd02d351cb4>] process_one_work+0x5e4/0xe28
	[<ffffffd02d352f44>] worker_thread+0xa4c/0xfac
	[<ffffffd02d360124>] kthread+0x33c/0x358
	[<ffffffd02d289940>] ret_from_fork+0xc/0x18

	The Linux kernel CVE team has assigned CVE-2020-36776 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 5.8 with commit 371a3bc79c11b707d7a1b7a2c938dc3cc042fffb and fixed in 5.10.36 with commit c24a20912eef00587416628149c438e885eb1304
	Issue introduced in 5.8 with commit 371a3bc79c11b707d7a1b7a2c938dc3cc042fffb and fixed in 5.11.20 with commit 876a5f33e5d961d879c5436987c09b3d9ef70379
	Issue introduced in 5.8 with commit 371a3bc79c11b707d7a1b7a2c938dc3cc042fffb and fixed in 5.12.3 with commit 6bf443acf6ca4f666d0e4225614ba9993a3aa1a9
	Issue introduced in 5.8 with commit 371a3bc79c11b707d7a1b7a2c938dc3cc042fffb and fixed in 5.13 with commit 34ab17cc6c2c1ac93d7e5d53bb972df9a968f085
	Issue introduced in 4.14.189 with commit 39e0651cac9c80865b2838f297f95ffc0f34a1d8
	Issue introduced in 4.19.134 with commit febe56f21371ba1e51e8586c3ddf8f54fc62fe61
	Issue introduced in 5.4.53 with commit d3b7bacd1115400b94482dfc7efffc175c29b831
	Issue introduced in 5.7.8 with commit 9006b543384ab10902819364c1205f11a1458571

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2020-36776
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/thermal/cpufreq_cooling.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/c24a20912eef00587416628149c438e885eb1304
	https://git.kernel.org/stable/c/876a5f33e5d961d879c5436987c09b3d9ef70379
	https://git.kernel.org/stable/c/6bf443acf6ca4f666d0e4225614ba9993a3aa1a9
	https://git.kernel.org/stable/c/34ab17cc6c2c1ac93d7e5d53bb972df9a968f085