cve/published/2024/CVE-2024-53063.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-53063: media: dvbdev: prevent the risk of out of memory access

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 media: dvbdev: prevent the risk of out of memory access

 The dvbdev contains a static variable used to store dvb minors.

 The behavior of it depends if CONFIG_DVB_DYNAMIC_MINORS is set
 or not. When not set, dvb_register_device() won't check for
 boundaries, as it will rely that a previous call to
 dvb_register_adapter() would already be enforcing it.

 On a similar way, dvb_device_open() uses the assumption
 that the register functions already did the needed checks.

 This can be fragile if some device ends using different
 calls. This also generate warnings on static check analysers
 like Coverity.

 So, add explicit guards to prevent potential risk of OOM issues.

 The Linux kernel CVE team has assigned CVE-2024-53063 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 2.6.29 with commit 5dd3f3071070f5a306bdf8d474c80062f5691cba and fixed in 4.19.324 with commit fedfde9deb83ac8d2f3d5f36f111023df34b1684
 	Issue introduced in 2.6.29 with commit 5dd3f3071070f5a306bdf8d474c80062f5691cba and fixed in 5.4.286 with commit 3b88675e18b6517043a6f734eaa8ea6eb3bfa140
 	Issue introduced in 2.6.29 with commit 5dd3f3071070f5a306bdf8d474c80062f5691cba and fixed in 5.10.230 with commit a4a17210c03ade1c8d9a9f193a105654b7a05c11
 	Issue introduced in 2.6.29 with commit 5dd3f3071070f5a306bdf8d474c80062f5691cba and fixed in 5.15.172 with commit 5f76f7df14861e3a560898fa41979ec92424b58f
 	Issue introduced in 2.6.29 with commit 5dd3f3071070f5a306bdf8d474c80062f5691cba and fixed in 6.1.117 with commit b751a96025275c17f04083cbfe856822f1658946
 	Issue introduced in 2.6.29 with commit 5dd3f3071070f5a306bdf8d474c80062f5691cba and fixed in 6.6.61 with commit 1e461672616b726f29261ee81bb991528818537c
 	Issue introduced in 2.6.29 with commit 5dd3f3071070f5a306bdf8d474c80062f5691cba and fixed in 6.11.8 with commit 9c17085fabbde2041c893d29599800f2d4992b23
 	Issue introduced in 2.6.29 with commit 5dd3f3071070f5a306bdf8d474c80062f5691cba and fixed in 6.12 with commit 972e63e895abbe8aa1ccbdbb4e6362abda7cd457

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-53063
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/media/dvb-core/dvbdev.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/fedfde9deb83ac8d2f3d5f36f111023df34b1684
 	https://git.kernel.org/stable/c/3b88675e18b6517043a6f734eaa8ea6eb3bfa140
 	https://git.kernel.org/stable/c/a4a17210c03ade1c8d9a9f193a105654b7a05c11
 	https://git.kernel.org/stable/c/5f76f7df14861e3a560898fa41979ec92424b58f
 	https://git.kernel.org/stable/c/b751a96025275c17f04083cbfe856822f1658946
 	https://git.kernel.org/stable/c/1e461672616b726f29261ee81bb991528818537c
 	https://git.kernel.org/stable/c/9c17085fabbde2041c893d29599800f2d4992b23
 	https://git.kernel.org/stable/c/972e63e895abbe8aa1ccbdbb4e6362abda7cd457
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-53063: media: dvbdev: prevent the risk of out of memory access

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	media: dvbdev: prevent the risk of out of memory access

	The dvbdev contains a static variable used to store dvb minors.

	The behavior of it depends if CONFIG_DVB_DYNAMIC_MINORS is set
	or not. When not set, dvb_register_device() won't check for
	boundaries, as it will rely that a previous call to
	dvb_register_adapter() would already be enforcing it.

	On a similar way, dvb_device_open() uses the assumption
	that the register functions already did the needed checks.

	This can be fragile if some device ends using different
	calls. This also generate warnings on static check analysers
	like Coverity.

	So, add explicit guards to prevent potential risk of OOM issues.

	The Linux kernel CVE team has assigned CVE-2024-53063 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 2.6.29 with commit 5dd3f3071070f5a306bdf8d474c80062f5691cba and fixed in 4.19.324 with commit fedfde9deb83ac8d2f3d5f36f111023df34b1684
	Issue introduced in 2.6.29 with commit 5dd3f3071070f5a306bdf8d474c80062f5691cba and fixed in 5.4.286 with commit 3b88675e18b6517043a6f734eaa8ea6eb3bfa140
	Issue introduced in 2.6.29 with commit 5dd3f3071070f5a306bdf8d474c80062f5691cba and fixed in 5.10.230 with commit a4a17210c03ade1c8d9a9f193a105654b7a05c11
	Issue introduced in 2.6.29 with commit 5dd3f3071070f5a306bdf8d474c80062f5691cba and fixed in 5.15.172 with commit 5f76f7df14861e3a560898fa41979ec92424b58f
	Issue introduced in 2.6.29 with commit 5dd3f3071070f5a306bdf8d474c80062f5691cba and fixed in 6.1.117 with commit b751a96025275c17f04083cbfe856822f1658946
	Issue introduced in 2.6.29 with commit 5dd3f3071070f5a306bdf8d474c80062f5691cba and fixed in 6.6.61 with commit 1e461672616b726f29261ee81bb991528818537c
	Issue introduced in 2.6.29 with commit 5dd3f3071070f5a306bdf8d474c80062f5691cba and fixed in 6.11.8 with commit 9c17085fabbde2041c893d29599800f2d4992b23
	Issue introduced in 2.6.29 with commit 5dd3f3071070f5a306bdf8d474c80062f5691cba and fixed in 6.12 with commit 972e63e895abbe8aa1ccbdbb4e6362abda7cd457

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-53063
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/media/dvb-core/dvbdev.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/fedfde9deb83ac8d2f3d5f36f111023df34b1684
	https://git.kernel.org/stable/c/3b88675e18b6517043a6f734eaa8ea6eb3bfa140
	https://git.kernel.org/stable/c/a4a17210c03ade1c8d9a9f193a105654b7a05c11
	https://git.kernel.org/stable/c/5f76f7df14861e3a560898fa41979ec92424b58f
	https://git.kernel.org/stable/c/b751a96025275c17f04083cbfe856822f1658946
	https://git.kernel.org/stable/c/1e461672616b726f29261ee81bb991528818537c
	https://git.kernel.org/stable/c/9c17085fabbde2041c893d29599800f2d4992b23
	https://git.kernel.org/stable/c/972e63e895abbe8aa1ccbdbb4e6362abda7cd457