cve/published/2022/CVE-2022-49451.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2022-49451: firmware: arm_scmi: Fix list protocols enumeration in the base protocol

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 firmware: arm_scmi: Fix list protocols enumeration in the base protocol

 While enumerating protocols implemented by the SCMI platform using
 BASE_DISCOVER_LIST_PROTOCOLS, the number of returned protocols is
 currently validated in an improper way since the check employs a sum
 between unsigned integers that could overflow and cause the check itself
 to be silently bypassed if the returned value 'loop_num_ret' is big
 enough.

 Fix the validation avoiding the addition.

 The Linux kernel CVE team has assigned CVE-2022-49451 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 4.17 with commit b6f20ff8bd94ad34032804a60bab5ee56752007e and fixed in 4.19.247 with commit 444a2d27fe9867d0da4b28fc45b793f32e099ab8
 	Issue introduced in 4.17 with commit b6f20ff8bd94ad34032804a60bab5ee56752007e and fixed in 5.4.198 with commit b0e4bafac8963c2d85ee18d3d01f393735acceec
 	Issue introduced in 4.17 with commit b6f20ff8bd94ad34032804a60bab5ee56752007e and fixed in 5.10.121 with commit 1052f22e127d0c34c3387bb389424ba1c61491ff
 	Issue introduced in 4.17 with commit b6f20ff8bd94ad34032804a60bab5ee56752007e and fixed in 5.15.46 with commit 98342148a8cd242855d7e257f298c966c96dba9f
 	Issue introduced in 4.17 with commit b6f20ff8bd94ad34032804a60bab5ee56752007e and fixed in 5.17.14 with commit 6e7978695f4a6cbd83616b5a702b77fa2087b247
 	Issue introduced in 4.17 with commit b6f20ff8bd94ad34032804a60bab5ee56752007e and fixed in 5.18.3 with commit 2ccfcd7a09c826516edcfe464b05071961aada3f
 	Issue introduced in 4.17 with commit b6f20ff8bd94ad34032804a60bab5ee56752007e and fixed in 5.19 with commit 8009120e0354a67068e920eb10dce532391361d0

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2022-49451
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/firmware/arm_scmi/base.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/444a2d27fe9867d0da4b28fc45b793f32e099ab8
 	https://git.kernel.org/stable/c/b0e4bafac8963c2d85ee18d3d01f393735acceec
 	https://git.kernel.org/stable/c/1052f22e127d0c34c3387bb389424ba1c61491ff
 	https://git.kernel.org/stable/c/98342148a8cd242855d7e257f298c966c96dba9f
 	https://git.kernel.org/stable/c/6e7978695f4a6cbd83616b5a702b77fa2087b247
 	https://git.kernel.org/stable/c/2ccfcd7a09c826516edcfe464b05071961aada3f
 	https://git.kernel.org/stable/c/8009120e0354a67068e920eb10dce532391361d0
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2022-49451: firmware: arm_scmi: Fix list protocols enumeration in the base protocol

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	firmware: arm_scmi: Fix list protocols enumeration in the base protocol

	While enumerating protocols implemented by the SCMI platform using
	BASE_DISCOVER_LIST_PROTOCOLS, the number of returned protocols is
	currently validated in an improper way since the check employs a sum
	between unsigned integers that could overflow and cause the check itself
	to be silently bypassed if the returned value 'loop_num_ret' is big
	enough.

	Fix the validation avoiding the addition.

	The Linux kernel CVE team has assigned CVE-2022-49451 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 4.17 with commit b6f20ff8bd94ad34032804a60bab5ee56752007e and fixed in 4.19.247 with commit 444a2d27fe9867d0da4b28fc45b793f32e099ab8
	Issue introduced in 4.17 with commit b6f20ff8bd94ad34032804a60bab5ee56752007e and fixed in 5.4.198 with commit b0e4bafac8963c2d85ee18d3d01f393735acceec
	Issue introduced in 4.17 with commit b6f20ff8bd94ad34032804a60bab5ee56752007e and fixed in 5.10.121 with commit 1052f22e127d0c34c3387bb389424ba1c61491ff
	Issue introduced in 4.17 with commit b6f20ff8bd94ad34032804a60bab5ee56752007e and fixed in 5.15.46 with commit 98342148a8cd242855d7e257f298c966c96dba9f
	Issue introduced in 4.17 with commit b6f20ff8bd94ad34032804a60bab5ee56752007e and fixed in 5.17.14 with commit 6e7978695f4a6cbd83616b5a702b77fa2087b247
	Issue introduced in 4.17 with commit b6f20ff8bd94ad34032804a60bab5ee56752007e and fixed in 5.18.3 with commit 2ccfcd7a09c826516edcfe464b05071961aada3f
	Issue introduced in 4.17 with commit b6f20ff8bd94ad34032804a60bab5ee56752007e and fixed in 5.19 with commit 8009120e0354a67068e920eb10dce532391361d0

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2022-49451
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/firmware/arm_scmi/base.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/444a2d27fe9867d0da4b28fc45b793f32e099ab8
	https://git.kernel.org/stable/c/b0e4bafac8963c2d85ee18d3d01f393735acceec
	https://git.kernel.org/stable/c/1052f22e127d0c34c3387bb389424ba1c61491ff
	https://git.kernel.org/stable/c/98342148a8cd242855d7e257f298c966c96dba9f
	https://git.kernel.org/stable/c/6e7978695f4a6cbd83616b5a702b77fa2087b247
	https://git.kernel.org/stable/c/2ccfcd7a09c826516edcfe464b05071961aada3f
	https://git.kernel.org/stable/c/8009120e0354a67068e920eb10dce532391361d0