| From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001 |
| From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| To: <linux-cve-announce@vger.kernel.org> |
| Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org> |
| Subject: CVE-2024-58068: OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized |
| |
| Description |
| =========== |
| |
| In the Linux kernel, the following vulnerability has been resolved: |
| |
| OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized |
| |
| If a driver calls dev_pm_opp_find_bw_ceil/floor() the retrieve bandwidth |
| from the OPP table but the bandwidth table was not created because the |
| interconnect properties were missing in the OPP consumer node, the |
| kernel will crash with: |
| |
| Unable to handle kernel NULL pointer dereference at virtual address 0000000000000004 |
| ... |
| pc : _read_bw+0x8/0x10 |
| lr : _opp_table_find_key+0x9c/0x174 |
| ... |
| Call trace: |
| _read_bw+0x8/0x10 (P) |
| _opp_table_find_key+0x9c/0x174 (L) |
| _find_key+0x98/0x168 |
| dev_pm_opp_find_bw_ceil+0x50/0x88 |
| ... |
| |
| In order to fix the crash, create an assert function to check |
| if the bandwidth table was created before trying to get a |
| bandwidth with _read_bw(). |
| |
| The Linux kernel CVE team has assigned CVE-2024-58068 to this issue. |
| |
| |
| Affected and fixed versions |
| =========================== |
| |
| Issue introduced in 6.0 with commit add1dc094a7456d3c56782b7478940b6a550c7ed and fixed in 6.1.129 with commit 8532fd078d2a5286915d03bb0a0893ee1955acef |
| Issue introduced in 6.0 with commit add1dc094a7456d3c56782b7478940b6a550c7ed and fixed in 6.6.76 with commit 84ff05c9bd577157baed711a4f0b41206593978b |
| Issue introduced in 6.0 with commit add1dc094a7456d3c56782b7478940b6a550c7ed and fixed in 6.12.13 with commit ff2def251849133be6076a7c2d427d8eb963c223 |
| Issue introduced in 6.0 with commit add1dc094a7456d3c56782b7478940b6a550c7ed and fixed in 6.13.2 with commit 5165486681dbd67b61b975c63125f2a5cb7f96d1 |
| Issue introduced in 6.0 with commit add1dc094a7456d3c56782b7478940b6a550c7ed and fixed in 6.14 with commit b44b9bc7cab2967c3d6a791b1cd542c89fc07f0e |
| |
| Please see https://www.kernel.org for a full list of currently supported |
| kernel versions by the kernel community. |
| |
| Unaffected versions might change over time as fixes are backported to |
| older supported kernel versions. The official CVE entry at |
| https://cve.org/CVERecord/?id=CVE-2024-58068 |
| will be updated if fixes are backported, please check that for the most |
| up to date information about this issue. |
| |
| |
| Affected files |
| ============== |
| |
| The file(s) affected by this issue are: |
| drivers/opp/core.c |
| |
| |
| Mitigation |
| ========== |
| |
| The Linux kernel CVE team recommends that you update to the latest |
| stable kernel version for this, and many other bugfixes. Individual |
| changes are never tested alone, but rather are part of a larger kernel |
| release. Cherry-picking individual commits is not recommended or |
| supported by the Linux kernel community at all. If however, updating to |
| the latest release is impossible, the individual changes to resolve this |
| issue can be found at these commits: |
| https://git.kernel.org/stable/c/8532fd078d2a5286915d03bb0a0893ee1955acef |
| https://git.kernel.org/stable/c/84ff05c9bd577157baed711a4f0b41206593978b |
| https://git.kernel.org/stable/c/ff2def251849133be6076a7c2d427d8eb963c223 |
| https://git.kernel.org/stable/c/5165486681dbd67b61b975c63125f2a5cb7f96d1 |
| https://git.kernel.org/stable/c/b44b9bc7cab2967c3d6a791b1cd542c89fc07f0e |
