cve/published/2024/CVE-2024-35878.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-35878: of: module: prevent NULL pointer dereference in vsnprintf()

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 of: module: prevent NULL pointer dereference in vsnprintf()

 In of_modalias(), we can get passed the str and len parameters which would
 cause a kernel oops in vsnprintf() since it only allows passing a NULL ptr
 when the length is also 0. Also, we need to filter out the negative values
 of the len parameter as these will result in a really huge buffer since
 snprintf() takes size_t parameter while ours is ssize_t...

 Found by Linux Verification Center (linuxtesting.org) with the Svace static
 analysis tool.

 The Linux kernel CVE team has assigned CVE-2024-35878 to this issue.


 Affected and fixed versions
 ===========================

 	Fixed in 6.6.26 with commit e4a449368a2ce6d57a775d0ead27fc07f5a86e5b
 	Fixed in 6.8.5 with commit 544561dc56f7e69a053c25e11e6170f48bb97898
 	Fixed in 6.9 with commit a1aa5390cc912934fee76ce80af5f940452fa987

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-35878
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/of/module.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/e4a449368a2ce6d57a775d0ead27fc07f5a86e5b
 	https://git.kernel.org/stable/c/544561dc56f7e69a053c25e11e6170f48bb97898
 	https://git.kernel.org/stable/c/a1aa5390cc912934fee76ce80af5f940452fa987
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-35878: of: module: prevent NULL pointer dereference in vsnprintf()

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	of: module: prevent NULL pointer dereference in vsnprintf()

	In of_modalias(), we can get passed the str and len parameters which would
	cause a kernel oops in vsnprintf() since it only allows passing a NULL ptr
	when the length is also 0. Also, we need to filter out the negative values
	of the len parameter as these will result in a really huge buffer since
	snprintf() takes size_t parameter while ours is ssize_t...

	Found by Linux Verification Center (linuxtesting.org) with the Svace static
	analysis tool.

	The Linux kernel CVE team has assigned CVE-2024-35878 to this issue.


	Affected and fixed versions
	===========================

	Fixed in 6.6.26 with commit e4a449368a2ce6d57a775d0ead27fc07f5a86e5b
	Fixed in 6.8.5 with commit 544561dc56f7e69a053c25e11e6170f48bb97898
	Fixed in 6.9 with commit a1aa5390cc912934fee76ce80af5f940452fa987

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-35878
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/of/module.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/e4a449368a2ce6d57a775d0ead27fc07f5a86e5b
	https://git.kernel.org/stable/c/544561dc56f7e69a053c25e11e6170f48bb97898
	https://git.kernel.org/stable/c/a1aa5390cc912934fee76ce80af5f940452fa987