cve/published/2024/CVE-2024-43877.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-43877: media: pci: ivtv: Add check for DMA map result

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 media: pci: ivtv: Add check for DMA map result

 In case DMA fails, 'dma->SG_length' is 0. This value is later used to
 access 'dma->SGarray[dma->SG_length - 1]', which will cause out of
 bounds access.

 Add check to return early on invalid value. Adjust warnings accordingly.

 Found by Linux Verification Center (linuxtesting.org) with SVACE.

 The Linux kernel CVE team has assigned CVE-2024-43877 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 5.16 with commit 1932dc2f4cf6ac23e48e5fcc24d21adbe35691d1 and fixed in 6.1.103 with commit 24062aa7407091dee3e45a8e8037df437e848718
 	Issue introduced in 5.16 with commit 1932dc2f4cf6ac23e48e5fcc24d21adbe35691d1 and fixed in 6.6.44 with commit 3d8fd92939e21ff0d45100ab208f8124af79402a
 	Issue introduced in 5.16 with commit 1932dc2f4cf6ac23e48e5fcc24d21adbe35691d1 and fixed in 6.10.3 with commit c766065e8272085ea9c436414b7ddf1f12e7787b
 	Issue introduced in 5.16 with commit 1932dc2f4cf6ac23e48e5fcc24d21adbe35691d1 and fixed in 6.11 with commit 629913d6d79508b166c66e07e4857e20233d85a9

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-43877
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/media/pci/ivtv/ivtv-udma.c
 	drivers/media/pci/ivtv/ivtv-yuv.c
 	drivers/media/pci/ivtv/ivtvfb.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/24062aa7407091dee3e45a8e8037df437e848718
 	https://git.kernel.org/stable/c/3d8fd92939e21ff0d45100ab208f8124af79402a
 	https://git.kernel.org/stable/c/c766065e8272085ea9c436414b7ddf1f12e7787b
 	https://git.kernel.org/stable/c/629913d6d79508b166c66e07e4857e20233d85a9
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-43877: media: pci: ivtv: Add check for DMA map result

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	media: pci: ivtv: Add check for DMA map result

	In case DMA fails, 'dma->SG_length' is 0. This value is later used to
	access 'dma->SGarray[dma->SG_length - 1]', which will cause out of
	bounds access.

	Add check to return early on invalid value. Adjust warnings accordingly.

	Found by Linux Verification Center (linuxtesting.org) with SVACE.

	The Linux kernel CVE team has assigned CVE-2024-43877 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 5.16 with commit 1932dc2f4cf6ac23e48e5fcc24d21adbe35691d1 and fixed in 6.1.103 with commit 24062aa7407091dee3e45a8e8037df437e848718
	Issue introduced in 5.16 with commit 1932dc2f4cf6ac23e48e5fcc24d21adbe35691d1 and fixed in 6.6.44 with commit 3d8fd92939e21ff0d45100ab208f8124af79402a
	Issue introduced in 5.16 with commit 1932dc2f4cf6ac23e48e5fcc24d21adbe35691d1 and fixed in 6.10.3 with commit c766065e8272085ea9c436414b7ddf1f12e7787b
	Issue introduced in 5.16 with commit 1932dc2f4cf6ac23e48e5fcc24d21adbe35691d1 and fixed in 6.11 with commit 629913d6d79508b166c66e07e4857e20233d85a9

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-43877
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/media/pci/ivtv/ivtv-udma.c
	drivers/media/pci/ivtv/ivtv-yuv.c
	drivers/media/pci/ivtv/ivtvfb.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/24062aa7407091dee3e45a8e8037df437e848718
	https://git.kernel.org/stable/c/3d8fd92939e21ff0d45100ab208f8124af79402a
	https://git.kernel.org/stable/c/c766065e8272085ea9c436414b7ddf1f12e7787b
	https://git.kernel.org/stable/c/629913d6d79508b166c66e07e4857e20233d85a9