cve/published/2022/CVE-2022-48732.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2022-48732: drm/nouveau: fix off by one in BIOS boundary checking

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 drm/nouveau: fix off by one in BIOS boundary checking

 Bounds checking when parsing init scripts embedded in the BIOS reject
 access to the last byte. This causes driver initialization to fail on
 Apple eMac's with GeForce 2 MX GPUs, leaving the system with no working
 console.

 This is probably only seen on OpenFirmware machines like PowerPC Macs
 because the BIOS image provided by OF is only the used parts of the ROM,
 not a power-of-two blocks read from PCI directly so PCs always have
 empty bytes at the end that are never accessed.

 The Linux kernel CVE team has assigned CVE-2022-48732 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 4.8 with commit 4d4e9907ff572bb1d1c0f6913ad6e3d6d4525077 and fixed in 4.9.300 with commit d4b746e60fd8eaa8016e144223abe91158edcdad
 	Issue introduced in 4.8 with commit 4d4e9907ff572bb1d1c0f6913ad6e3d6d4525077 and fixed in 4.14.265 with commit 909d3ec1bf9f0ec534bfc081b77c0836fea7b0e2
 	Issue introduced in 4.8 with commit 4d4e9907ff572bb1d1c0f6913ad6e3d6d4525077 and fixed in 4.19.228 with commit b2a21669ee98aafc41c6d42ef15af4dab9e6e882
 	Issue introduced in 4.8 with commit 4d4e9907ff572bb1d1c0f6913ad6e3d6d4525077 and fixed in 5.4.178 with commit acc887ba88333f5fec49631f12d8cc7ebd95781c
 	Issue introduced in 4.8 with commit 4d4e9907ff572bb1d1c0f6913ad6e3d6d4525077 and fixed in 5.10.99 with commit f071d9fa857582d7bd77f4906691f73d3edeab73
 	Issue introduced in 4.8 with commit 4d4e9907ff572bb1d1c0f6913ad6e3d6d4525077 and fixed in 5.15.22 with commit d877e814a62b7de9069aeff8bc1d979dfc996e06
 	Issue introduced in 4.8 with commit 4d4e9907ff572bb1d1c0f6913ad6e3d6d4525077 and fixed in 5.16.8 with commit e7c36fa8a1e63b08312162179c78a0c7795ea369
 	Issue introduced in 4.8 with commit 4d4e9907ff572bb1d1c0f6913ad6e3d6d4525077 and fixed in 5.17 with commit 1b777d4d9e383d2744fc9b3a09af6ec1893c8b1a

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2022-48732
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/gpu/drm/nouveau/nvkm/subdev/bios/base.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/d4b746e60fd8eaa8016e144223abe91158edcdad
 	https://git.kernel.org/stable/c/909d3ec1bf9f0ec534bfc081b77c0836fea7b0e2
 	https://git.kernel.org/stable/c/b2a21669ee98aafc41c6d42ef15af4dab9e6e882
 	https://git.kernel.org/stable/c/acc887ba88333f5fec49631f12d8cc7ebd95781c
 	https://git.kernel.org/stable/c/f071d9fa857582d7bd77f4906691f73d3edeab73
 	https://git.kernel.org/stable/c/d877e814a62b7de9069aeff8bc1d979dfc996e06
 	https://git.kernel.org/stable/c/e7c36fa8a1e63b08312162179c78a0c7795ea369
 	https://git.kernel.org/stable/c/1b777d4d9e383d2744fc9b3a09af6ec1893c8b1a
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2022-48732: drm/nouveau: fix off by one in BIOS boundary checking

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	drm/nouveau: fix off by one in BIOS boundary checking

	Bounds checking when parsing init scripts embedded in the BIOS reject
	access to the last byte. This causes driver initialization to fail on
	Apple eMac's with GeForce 2 MX GPUs, leaving the system with no working
	console.

	This is probably only seen on OpenFirmware machines like PowerPC Macs
	because the BIOS image provided by OF is only the used parts of the ROM,
	not a power-of-two blocks read from PCI directly so PCs always have
	empty bytes at the end that are never accessed.

	The Linux kernel CVE team has assigned CVE-2022-48732 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 4.8 with commit 4d4e9907ff572bb1d1c0f6913ad6e3d6d4525077 and fixed in 4.9.300 with commit d4b746e60fd8eaa8016e144223abe91158edcdad
	Issue introduced in 4.8 with commit 4d4e9907ff572bb1d1c0f6913ad6e3d6d4525077 and fixed in 4.14.265 with commit 909d3ec1bf9f0ec534bfc081b77c0836fea7b0e2
	Issue introduced in 4.8 with commit 4d4e9907ff572bb1d1c0f6913ad6e3d6d4525077 and fixed in 4.19.228 with commit b2a21669ee98aafc41c6d42ef15af4dab9e6e882
	Issue introduced in 4.8 with commit 4d4e9907ff572bb1d1c0f6913ad6e3d6d4525077 and fixed in 5.4.178 with commit acc887ba88333f5fec49631f12d8cc7ebd95781c
	Issue introduced in 4.8 with commit 4d4e9907ff572bb1d1c0f6913ad6e3d6d4525077 and fixed in 5.10.99 with commit f071d9fa857582d7bd77f4906691f73d3edeab73
	Issue introduced in 4.8 with commit 4d4e9907ff572bb1d1c0f6913ad6e3d6d4525077 and fixed in 5.15.22 with commit d877e814a62b7de9069aeff8bc1d979dfc996e06
	Issue introduced in 4.8 with commit 4d4e9907ff572bb1d1c0f6913ad6e3d6d4525077 and fixed in 5.16.8 with commit e7c36fa8a1e63b08312162179c78a0c7795ea369
	Issue introduced in 4.8 with commit 4d4e9907ff572bb1d1c0f6913ad6e3d6d4525077 and fixed in 5.17 with commit 1b777d4d9e383d2744fc9b3a09af6ec1893c8b1a

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2022-48732
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/gpu/drm/nouveau/nvkm/subdev/bios/base.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/d4b746e60fd8eaa8016e144223abe91158edcdad
	https://git.kernel.org/stable/c/909d3ec1bf9f0ec534bfc081b77c0836fea7b0e2
	https://git.kernel.org/stable/c/b2a21669ee98aafc41c6d42ef15af4dab9e6e882
	https://git.kernel.org/stable/c/acc887ba88333f5fec49631f12d8cc7ebd95781c
	https://git.kernel.org/stable/c/f071d9fa857582d7bd77f4906691f73d3edeab73
	https://git.kernel.org/stable/c/d877e814a62b7de9069aeff8bc1d979dfc996e06
	https://git.kernel.org/stable/c/e7c36fa8a1e63b08312162179c78a0c7795ea369
	https://git.kernel.org/stable/c/1b777d4d9e383d2744fc9b3a09af6ec1893c8b1a