cve/published/2024/CVE-2024-27075.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-27075: media: dvb-frontends: avoid stack overflow warnings with clang

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 media: dvb-frontends: avoid stack overflow warnings with clang

 A previous patch worked around a KASAN issue in stv0367, now a similar
 problem showed up with clang:

 drivers/media/dvb-frontends/stv0367.c:1222:12: error: stack frame size (3624) exceeds limit (2048) in 'stv0367ter_set_frontend' [-Werror,-Wframe-larger-than]
  1214 | static int stv0367ter_set_frontend(struct dvb_frontend *fe)

 Rework the stv0367_writereg() function to be simpler and mark both
 register access functions as noinline_for_stack so the temporary
 i2c_msg structures do not get duplicated on the stack when KASAN_STACK
 is enabled.

 The Linux kernel CVE team has assigned CVE-2024-27075 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 4.16 with commit 3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e and fixed in 4.19.311 with commit c073c8cede5abd3836e83d70d72606d11d0759d4
 	Issue introduced in 4.16 with commit 3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e and fixed in 5.4.273 with commit fa8b472952ef46eb632825051078c21ce0cafe55
 	Issue introduced in 4.16 with commit 3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e and fixed in 5.10.214 with commit fb07104a02e87c06c39914d13ed67fd8f839ca82
 	Issue introduced in 4.16 with commit 3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e and fixed in 5.15.153 with commit d20b64f156de5d10410963fe238d82a4e7e97a2f
 	Issue introduced in 4.16 with commit 3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e and fixed in 6.1.83 with commit 107052a8cfeff3a97326277192b4f052e4860a8a
 	Issue introduced in 4.16 with commit 3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e and fixed in 6.6.23 with commit 8fad9c5bb00d3a9508d18bbfe832e33a47377730
 	Issue introduced in 4.16 with commit 3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e and fixed in 6.7.11 with commit d6b4895197ab5a47cb81c6852d49320b05052960
 	Issue introduced in 4.16 with commit 3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e and fixed in 6.8.2 with commit ed514ecf4f29c80a2f09ae3c877059b401efe893
 	Issue introduced in 4.16 with commit 3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e and fixed in 6.9 with commit 7a4cf27d1f0538f779bf31b8c99eda394e277119
 	Issue introduced in 4.4.168 with commit dc4bc70259daba144f799e40a99413a86c601006
 	Issue introduced in 4.9.82 with commit d1d85ae79d5e5592dccba6890658c0999b864ddc
 	Issue introduced in 4.14.20 with commit ad91b2e392be4339e09eefd8479675b4232ddfa1
 	Issue introduced in 4.15.4 with commit ec1eeaf5b6c12b561d9a90588987e44a2e2f8b1a

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-27075
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/media/dvb-frontends/stv0367.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/c073c8cede5abd3836e83d70d72606d11d0759d4
 	https://git.kernel.org/stable/c/fa8b472952ef46eb632825051078c21ce0cafe55
 	https://git.kernel.org/stable/c/fb07104a02e87c06c39914d13ed67fd8f839ca82
 	https://git.kernel.org/stable/c/d20b64f156de5d10410963fe238d82a4e7e97a2f
 	https://git.kernel.org/stable/c/107052a8cfeff3a97326277192b4f052e4860a8a
 	https://git.kernel.org/stable/c/8fad9c5bb00d3a9508d18bbfe832e33a47377730
 	https://git.kernel.org/stable/c/d6b4895197ab5a47cb81c6852d49320b05052960
 	https://git.kernel.org/stable/c/ed514ecf4f29c80a2f09ae3c877059b401efe893
 	https://git.kernel.org/stable/c/7a4cf27d1f0538f779bf31b8c99eda394e277119
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-27075: media: dvb-frontends: avoid stack overflow warnings with clang

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	media: dvb-frontends: avoid stack overflow warnings with clang

	A previous patch worked around a KASAN issue in stv0367, now a similar
	problem showed up with clang:

	drivers/media/dvb-frontends/stv0367.c:1222:12: error: stack frame size (3624) exceeds limit (2048) in 'stv0367ter_set_frontend' [-Werror,-Wframe-larger-than]
	1214 \| static int stv0367ter_set_frontend(struct dvb_frontend *fe)

	Rework the stv0367_writereg() function to be simpler and mark both
	register access functions as noinline_for_stack so the temporary
	i2c_msg structures do not get duplicated on the stack when KASAN_STACK
	is enabled.

	The Linux kernel CVE team has assigned CVE-2024-27075 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 4.16 with commit 3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e and fixed in 4.19.311 with commit c073c8cede5abd3836e83d70d72606d11d0759d4
	Issue introduced in 4.16 with commit 3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e and fixed in 5.4.273 with commit fa8b472952ef46eb632825051078c21ce0cafe55
	Issue introduced in 4.16 with commit 3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e and fixed in 5.10.214 with commit fb07104a02e87c06c39914d13ed67fd8f839ca82
	Issue introduced in 4.16 with commit 3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e and fixed in 5.15.153 with commit d20b64f156de5d10410963fe238d82a4e7e97a2f
	Issue introduced in 4.16 with commit 3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e and fixed in 6.1.83 with commit 107052a8cfeff3a97326277192b4f052e4860a8a
	Issue introduced in 4.16 with commit 3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e and fixed in 6.6.23 with commit 8fad9c5bb00d3a9508d18bbfe832e33a47377730
	Issue introduced in 4.16 with commit 3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e and fixed in 6.7.11 with commit d6b4895197ab5a47cb81c6852d49320b05052960
	Issue introduced in 4.16 with commit 3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e and fixed in 6.8.2 with commit ed514ecf4f29c80a2f09ae3c877059b401efe893
	Issue introduced in 4.16 with commit 3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e and fixed in 6.9 with commit 7a4cf27d1f0538f779bf31b8c99eda394e277119
	Issue introduced in 4.4.168 with commit dc4bc70259daba144f799e40a99413a86c601006
	Issue introduced in 4.9.82 with commit d1d85ae79d5e5592dccba6890658c0999b864ddc
	Issue introduced in 4.14.20 with commit ad91b2e392be4339e09eefd8479675b4232ddfa1
	Issue introduced in 4.15.4 with commit ec1eeaf5b6c12b561d9a90588987e44a2e2f8b1a

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-27075
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/media/dvb-frontends/stv0367.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/c073c8cede5abd3836e83d70d72606d11d0759d4
	https://git.kernel.org/stable/c/fa8b472952ef46eb632825051078c21ce0cafe55
	https://git.kernel.org/stable/c/fb07104a02e87c06c39914d13ed67fd8f839ca82
	https://git.kernel.org/stable/c/d20b64f156de5d10410963fe238d82a4e7e97a2f
	https://git.kernel.org/stable/c/107052a8cfeff3a97326277192b4f052e4860a8a
	https://git.kernel.org/stable/c/8fad9c5bb00d3a9508d18bbfe832e33a47377730
	https://git.kernel.org/stable/c/d6b4895197ab5a47cb81c6852d49320b05052960
	https://git.kernel.org/stable/c/ed514ecf4f29c80a2f09ae3c877059b401efe893
	https://git.kernel.org/stable/c/7a4cf27d1f0538f779bf31b8c99eda394e277119