cve/published/2024/CVE-2024-56745.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-56745: PCI: Fix reset_method_store() memory leak

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 PCI: Fix reset_method_store() memory leak

 In reset_method_store(), a string is allocated via kstrndup() and assigned
 to the local "options". options is then used in with strsep() to find
 spaces:

   while ((name = strsep(&options, " ")) != NULL) {

 If there are no remaining spaces, then options is set to NULL by strsep(),
 so the subsequent kfree(options) doesn't free the memory allocated via
 kstrndup().

 Fix by using a separate tmp_options to iterate with strsep() so options is
 preserved.

 The Linux kernel CVE team has assigned CVE-2024-56745 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 5.15 with commit d88f521da3efd698e36d0d504a2abba6ac4f5ef8 and fixed in 5.15.174 with commit 403efb4457c0c8f8f51e904cc57d39193780c6bd
 	Issue introduced in 5.15 with commit d88f521da3efd698e36d0d504a2abba6ac4f5ef8 and fixed in 6.1.120 with commit 931d07ccffcc3614f20aaf602b31e89754e21c59
 	Issue introduced in 5.15 with commit d88f521da3efd698e36d0d504a2abba6ac4f5ef8 and fixed in 6.6.64 with commit 8e098baf6bc3f3a6aefc383509aba07e202f7ee0
 	Issue introduced in 5.15 with commit d88f521da3efd698e36d0d504a2abba6ac4f5ef8 and fixed in 6.11.11 with commit 543d0eb40e45c6a51f1bff02f417b602e54472d5
 	Issue introduced in 5.15 with commit d88f521da3efd698e36d0d504a2abba6ac4f5ef8 and fixed in 6.12.2 with commit fe6fae61f3b993160aef5fe2b7141a83872c144f
 	Issue introduced in 5.15 with commit d88f521da3efd698e36d0d504a2abba6ac4f5ef8 and fixed in 6.13 with commit 2985b1844f3f3447f2d938eff1ef6762592065a5

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-56745
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/pci/pci.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/403efb4457c0c8f8f51e904cc57d39193780c6bd
 	https://git.kernel.org/stable/c/931d07ccffcc3614f20aaf602b31e89754e21c59
 	https://git.kernel.org/stable/c/8e098baf6bc3f3a6aefc383509aba07e202f7ee0
 	https://git.kernel.org/stable/c/543d0eb40e45c6a51f1bff02f417b602e54472d5
 	https://git.kernel.org/stable/c/fe6fae61f3b993160aef5fe2b7141a83872c144f
 	https://git.kernel.org/stable/c/2985b1844f3f3447f2d938eff1ef6762592065a5
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-56745: PCI: Fix reset_method_store() memory leak

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	PCI: Fix reset_method_store() memory leak

	In reset_method_store(), a string is allocated via kstrndup() and assigned
	to the local "options". options is then used in with strsep() to find
	spaces:

	while ((name = strsep(&options, " ")) != NULL) {

	If there are no remaining spaces, then options is set to NULL by strsep(),
	so the subsequent kfree(options) doesn't free the memory allocated via
	kstrndup().

	Fix by using a separate tmp_options to iterate with strsep() so options is
	preserved.

	The Linux kernel CVE team has assigned CVE-2024-56745 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 5.15 with commit d88f521da3efd698e36d0d504a2abba6ac4f5ef8 and fixed in 5.15.174 with commit 403efb4457c0c8f8f51e904cc57d39193780c6bd
	Issue introduced in 5.15 with commit d88f521da3efd698e36d0d504a2abba6ac4f5ef8 and fixed in 6.1.120 with commit 931d07ccffcc3614f20aaf602b31e89754e21c59
	Issue introduced in 5.15 with commit d88f521da3efd698e36d0d504a2abba6ac4f5ef8 and fixed in 6.6.64 with commit 8e098baf6bc3f3a6aefc383509aba07e202f7ee0
	Issue introduced in 5.15 with commit d88f521da3efd698e36d0d504a2abba6ac4f5ef8 and fixed in 6.11.11 with commit 543d0eb40e45c6a51f1bff02f417b602e54472d5
	Issue introduced in 5.15 with commit d88f521da3efd698e36d0d504a2abba6ac4f5ef8 and fixed in 6.12.2 with commit fe6fae61f3b993160aef5fe2b7141a83872c144f
	Issue introduced in 5.15 with commit d88f521da3efd698e36d0d504a2abba6ac4f5ef8 and fixed in 6.13 with commit 2985b1844f3f3447f2d938eff1ef6762592065a5

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-56745
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/pci/pci.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/403efb4457c0c8f8f51e904cc57d39193780c6bd
	https://git.kernel.org/stable/c/931d07ccffcc3614f20aaf602b31e89754e21c59
	https://git.kernel.org/stable/c/8e098baf6bc3f3a6aefc383509aba07e202f7ee0
	https://git.kernel.org/stable/c/543d0eb40e45c6a51f1bff02f417b602e54472d5
	https://git.kernel.org/stable/c/fe6fae61f3b993160aef5fe2b7141a83872c144f
	https://git.kernel.org/stable/c/2985b1844f3f3447f2d938eff1ef6762592065a5