cve/published/2021/CVE-2021-47005.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2021-47005: PCI: endpoint: Fix NULL pointer dereference for ->get_features()

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 PCI: endpoint: Fix NULL pointer dereference for ->get_features()

 get_features ops of pci_epc_ops may return NULL, causing NULL pointer
 dereference in pci_epf_test_alloc_space function. Let us add a check for
 pci_epc_feature pointer in pci_epf_test_bind before we access it to avoid
 any such NULL pointer dereference and return -ENOTSUPP in case
 pci_epc_feature is not found.

 When the patch is not applied and EPC features is not implemented in the
 platform driver, we see the following dump due to kernel NULL pointer
 dereference.

 Call trace:
  pci_epf_test_bind+0xf4/0x388
  pci_epf_bind+0x3c/0x80
  pci_epc_epf_link+0xa8/0xcc
  configfs_symlink+0x1a4/0x48c
  vfs_symlink+0x104/0x184
  do_symlinkat+0x80/0xd4
  __arm64_sys_symlinkat+0x1c/0x24
  el0_svc_common.constprop.3+0xb8/0x170
  el0_svc_handler+0x70/0x88
  el0_svc+0x8/0x640
 Code: d2800581 b9403ab9 f9404ebb 8b394f60 (f9400400)
 ---[ end trace a438e3c5a24f9df0 ]---

 The Linux kernel CVE team has assigned CVE-2021-47005 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 5.1 with commit 2c04c5b8eef797dca99699cfb55ff42dd3c12c23 and fixed in 5.10.38 with commit bbed83d7060e07a5d309104d25a00f0a24441428
 	Issue introduced in 5.1 with commit 2c04c5b8eef797dca99699cfb55ff42dd3c12c23 and fixed in 5.11.22 with commit 679ebad058b8168f10e63876d63b0877fd2fe784
 	Issue introduced in 5.1 with commit 2c04c5b8eef797dca99699cfb55ff42dd3c12c23 and fixed in 5.12.5 with commit 0169d4f0bee44fdfef908c13ed21fcb326c38695
 	Issue introduced in 5.1 with commit 2c04c5b8eef797dca99699cfb55ff42dd3c12c23 and fixed in 5.13 with commit 6613bc2301ba291a1c5a90e1dc24cf3edf223c03

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2021-47005
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/pci/endpoint/functions/pci-epf-test.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/bbed83d7060e07a5d309104d25a00f0a24441428
 	https://git.kernel.org/stable/c/679ebad058b8168f10e63876d63b0877fd2fe784
 	https://git.kernel.org/stable/c/0169d4f0bee44fdfef908c13ed21fcb326c38695
 	https://git.kernel.org/stable/c/6613bc2301ba291a1c5a90e1dc24cf3edf223c03
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2021-47005: PCI: endpoint: Fix NULL pointer dereference for ->get_features()

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	PCI: endpoint: Fix NULL pointer dereference for ->get_features()

	get_features ops of pci_epc_ops may return NULL, causing NULL pointer
	dereference in pci_epf_test_alloc_space function. Let us add a check for
	pci_epc_feature pointer in pci_epf_test_bind before we access it to avoid
	any such NULL pointer dereference and return -ENOTSUPP in case
	pci_epc_feature is not found.

	When the patch is not applied and EPC features is not implemented in the
	platform driver, we see the following dump due to kernel NULL pointer
	dereference.

	Call trace:
	pci_epf_test_bind+0xf4/0x388
	pci_epf_bind+0x3c/0x80
	pci_epc_epf_link+0xa8/0xcc
	configfs_symlink+0x1a4/0x48c
	vfs_symlink+0x104/0x184
	do_symlinkat+0x80/0xd4
	__arm64_sys_symlinkat+0x1c/0x24
	el0_svc_common.constprop.3+0xb8/0x170
	el0_svc_handler+0x70/0x88
	el0_svc+0x8/0x640
	Code: d2800581 b9403ab9 f9404ebb 8b394f60 (f9400400)
	---[ end trace a438e3c5a24f9df0 ]---

	The Linux kernel CVE team has assigned CVE-2021-47005 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 5.1 with commit 2c04c5b8eef797dca99699cfb55ff42dd3c12c23 and fixed in 5.10.38 with commit bbed83d7060e07a5d309104d25a00f0a24441428
	Issue introduced in 5.1 with commit 2c04c5b8eef797dca99699cfb55ff42dd3c12c23 and fixed in 5.11.22 with commit 679ebad058b8168f10e63876d63b0877fd2fe784
	Issue introduced in 5.1 with commit 2c04c5b8eef797dca99699cfb55ff42dd3c12c23 and fixed in 5.12.5 with commit 0169d4f0bee44fdfef908c13ed21fcb326c38695
	Issue introduced in 5.1 with commit 2c04c5b8eef797dca99699cfb55ff42dd3c12c23 and fixed in 5.13 with commit 6613bc2301ba291a1c5a90e1dc24cf3edf223c03

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2021-47005
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/pci/endpoint/functions/pci-epf-test.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/bbed83d7060e07a5d309104d25a00f0a24441428
	https://git.kernel.org/stable/c/679ebad058b8168f10e63876d63b0877fd2fe784
	https://git.kernel.org/stable/c/0169d4f0bee44fdfef908c13ed21fcb326c38695
	https://git.kernel.org/stable/c/6613bc2301ba291a1c5a90e1dc24cf3edf223c03