cve/published/2024/CVE-2024-58010.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-58010: binfmt_flat: Fix integer overflow bug on 32 bit systems

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 binfmt_flat: Fix integer overflow bug on 32 bit systems

 Most of these sizes and counts are capped at 256MB so the math doesn't
 result in an integer overflow.  The "relocs" count needs to be checked
 as well.  Otherwise on 32bit systems the calculation of "full_data"
 could be wrong.

 	full_data = data_len + relocs * sizeof(unsigned long);

 The Linux kernel CVE team has assigned CVE-2024-58010 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 4.8 with commit c995ee28d29d6f256c3a8a6c4e66469554374f25 and fixed in 5.4.291 with commit 0b6be54d7386b7addbf9e5947366f94aad046938
 	Issue introduced in 4.8 with commit c995ee28d29d6f256c3a8a6c4e66469554374f25 and fixed in 5.10.235 with commit 6fb98e0576ea155267e206286413dcb3a3d55c12
 	Issue introduced in 4.8 with commit c995ee28d29d6f256c3a8a6c4e66469554374f25 and fixed in 5.15.179 with commit bc8ca18b8ef4648532c001bd6c8151143b569275
 	Issue introduced in 4.8 with commit c995ee28d29d6f256c3a8a6c4e66469554374f25 and fixed in 6.1.129 with commit 95506c7f33452450346fbe2975c1359100f854ca
 	Issue introduced in 4.8 with commit c995ee28d29d6f256c3a8a6c4e66469554374f25 and fixed in 6.6.78 with commit d17ca8f2dfcf423c439859995910a20e38b86f00
 	Issue introduced in 4.8 with commit c995ee28d29d6f256c3a8a6c4e66469554374f25 and fixed in 6.12.14 with commit a009378af674b808efcca1e2e67916e79ce866b3
 	Issue introduced in 4.8 with commit c995ee28d29d6f256c3a8a6c4e66469554374f25 and fixed in 6.13.3 with commit 8e8cd712bb06a507b26efd2a56155076aa454345
 	Issue introduced in 4.8 with commit c995ee28d29d6f256c3a8a6c4e66469554374f25 and fixed in 6.14 with commit 55cf2f4b945f6a6416cc2524ba740b83cc9af25a

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-58010
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	fs/binfmt_flat.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/0b6be54d7386b7addbf9e5947366f94aad046938
 	https://git.kernel.org/stable/c/6fb98e0576ea155267e206286413dcb3a3d55c12
 	https://git.kernel.org/stable/c/bc8ca18b8ef4648532c001bd6c8151143b569275
 	https://git.kernel.org/stable/c/95506c7f33452450346fbe2975c1359100f854ca
 	https://git.kernel.org/stable/c/d17ca8f2dfcf423c439859995910a20e38b86f00
 	https://git.kernel.org/stable/c/a009378af674b808efcca1e2e67916e79ce866b3
 	https://git.kernel.org/stable/c/8e8cd712bb06a507b26efd2a56155076aa454345
 	https://git.kernel.org/stable/c/55cf2f4b945f6a6416cc2524ba740b83cc9af25a
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-58010: binfmt_flat: Fix integer overflow bug on 32 bit systems

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	binfmt_flat: Fix integer overflow bug on 32 bit systems

	Most of these sizes and counts are capped at 256MB so the math doesn't
	result in an integer overflow. The "relocs" count needs to be checked
	as well. Otherwise on 32bit systems the calculation of "full_data"
	could be wrong.

	full_data = data_len + relocs * sizeof(unsigned long);

	The Linux kernel CVE team has assigned CVE-2024-58010 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 4.8 with commit c995ee28d29d6f256c3a8a6c4e66469554374f25 and fixed in 5.4.291 with commit 0b6be54d7386b7addbf9e5947366f94aad046938
	Issue introduced in 4.8 with commit c995ee28d29d6f256c3a8a6c4e66469554374f25 and fixed in 5.10.235 with commit 6fb98e0576ea155267e206286413dcb3a3d55c12
	Issue introduced in 4.8 with commit c995ee28d29d6f256c3a8a6c4e66469554374f25 and fixed in 5.15.179 with commit bc8ca18b8ef4648532c001bd6c8151143b569275
	Issue introduced in 4.8 with commit c995ee28d29d6f256c3a8a6c4e66469554374f25 and fixed in 6.1.129 with commit 95506c7f33452450346fbe2975c1359100f854ca
	Issue introduced in 4.8 with commit c995ee28d29d6f256c3a8a6c4e66469554374f25 and fixed in 6.6.78 with commit d17ca8f2dfcf423c439859995910a20e38b86f00
	Issue introduced in 4.8 with commit c995ee28d29d6f256c3a8a6c4e66469554374f25 and fixed in 6.12.14 with commit a009378af674b808efcca1e2e67916e79ce866b3
	Issue introduced in 4.8 with commit c995ee28d29d6f256c3a8a6c4e66469554374f25 and fixed in 6.13.3 with commit 8e8cd712bb06a507b26efd2a56155076aa454345
	Issue introduced in 4.8 with commit c995ee28d29d6f256c3a8a6c4e66469554374f25 and fixed in 6.14 with commit 55cf2f4b945f6a6416cc2524ba740b83cc9af25a

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-58010
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	fs/binfmt_flat.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/0b6be54d7386b7addbf9e5947366f94aad046938
	https://git.kernel.org/stable/c/6fb98e0576ea155267e206286413dcb3a3d55c12
	https://git.kernel.org/stable/c/bc8ca18b8ef4648532c001bd6c8151143b569275
	https://git.kernel.org/stable/c/95506c7f33452450346fbe2975c1359100f854ca
	https://git.kernel.org/stable/c/d17ca8f2dfcf423c439859995910a20e38b86f00
	https://git.kernel.org/stable/c/a009378af674b808efcca1e2e67916e79ce866b3
	https://git.kernel.org/stable/c/8e8cd712bb06a507b26efd2a56155076aa454345
	https://git.kernel.org/stable/c/55cf2f4b945f6a6416cc2524ba740b83cc9af25a