cve/published/2024/CVE-2024-42092.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-42092: gpio: davinci: Validate the obtained number of IRQs

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 gpio: davinci: Validate the obtained number of IRQs

 Value of pdata->gpio_unbanked is taken from Device Tree. In case of broken
 DT due to any error this value can be any. Without this value validation
 there can be out of chips->irqs array boundaries access in
 davinci_gpio_probe().

 Validate the obtained nirq value so that it won't exceed the maximum
 number of IRQs per bank.

 Found by Linux Verification Center (linuxtesting.org) with SVACE.

 The Linux kernel CVE team has assigned CVE-2024-42092 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 4.19 with commit eb3744a2dd01cb07ce9f556d56d6fe451f0c313a and fixed in 4.19.317 with commit a8d78984fdc105bc1a38b73e98d32b1bc4222684
 	Issue introduced in 4.19 with commit eb3744a2dd01cb07ce9f556d56d6fe451f0c313a and fixed in 5.4.279 with commit cd75721984337c38a12aeca33ba301d31ca4b3fd
 	Issue introduced in 4.19 with commit eb3744a2dd01cb07ce9f556d56d6fe451f0c313a and fixed in 5.10.221 with commit e44a83bf15c4db053ac6dfe96a23af184c9136d9
 	Issue introduced in 4.19 with commit eb3744a2dd01cb07ce9f556d56d6fe451f0c313a and fixed in 5.15.162 with commit 70b48899f3f23f98a52c5b1060aefbdc7ba7957b
 	Issue introduced in 4.19 with commit eb3744a2dd01cb07ce9f556d56d6fe451f0c313a and fixed in 6.1.97 with commit 89d7008af4945808677662a630643b5ea89c6e8d
 	Issue introduced in 4.19 with commit eb3744a2dd01cb07ce9f556d56d6fe451f0c313a and fixed in 6.6.37 with commit 2d83492259ad746b655f196cd5d1be4b3d0a3782
 	Issue introduced in 4.19 with commit eb3744a2dd01cb07ce9f556d56d6fe451f0c313a and fixed in 6.9.8 with commit c542e51306d5f1eba3af84daa005826223382470
 	Issue introduced in 4.19 with commit eb3744a2dd01cb07ce9f556d56d6fe451f0c313a and fixed in 6.10 with commit 7aa9b96e9a73e4ec1771492d0527bd5fc5ef9164

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-42092
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/gpio/gpio-davinci.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/a8d78984fdc105bc1a38b73e98d32b1bc4222684
 	https://git.kernel.org/stable/c/cd75721984337c38a12aeca33ba301d31ca4b3fd
 	https://git.kernel.org/stable/c/e44a83bf15c4db053ac6dfe96a23af184c9136d9
 	https://git.kernel.org/stable/c/70b48899f3f23f98a52c5b1060aefbdc7ba7957b
 	https://git.kernel.org/stable/c/89d7008af4945808677662a630643b5ea89c6e8d
 	https://git.kernel.org/stable/c/2d83492259ad746b655f196cd5d1be4b3d0a3782
 	https://git.kernel.org/stable/c/c542e51306d5f1eba3af84daa005826223382470
 	https://git.kernel.org/stable/c/7aa9b96e9a73e4ec1771492d0527bd5fc5ef9164
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-42092: gpio: davinci: Validate the obtained number of IRQs

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	gpio: davinci: Validate the obtained number of IRQs

	Value of pdata->gpio_unbanked is taken from Device Tree. In case of broken
	DT due to any error this value can be any. Without this value validation
	there can be out of chips->irqs array boundaries access in
	davinci_gpio_probe().

	Validate the obtained nirq value so that it won't exceed the maximum
	number of IRQs per bank.

	Found by Linux Verification Center (linuxtesting.org) with SVACE.

	The Linux kernel CVE team has assigned CVE-2024-42092 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 4.19 with commit eb3744a2dd01cb07ce9f556d56d6fe451f0c313a and fixed in 4.19.317 with commit a8d78984fdc105bc1a38b73e98d32b1bc4222684
	Issue introduced in 4.19 with commit eb3744a2dd01cb07ce9f556d56d6fe451f0c313a and fixed in 5.4.279 with commit cd75721984337c38a12aeca33ba301d31ca4b3fd
	Issue introduced in 4.19 with commit eb3744a2dd01cb07ce9f556d56d6fe451f0c313a and fixed in 5.10.221 with commit e44a83bf15c4db053ac6dfe96a23af184c9136d9
	Issue introduced in 4.19 with commit eb3744a2dd01cb07ce9f556d56d6fe451f0c313a and fixed in 5.15.162 with commit 70b48899f3f23f98a52c5b1060aefbdc7ba7957b
	Issue introduced in 4.19 with commit eb3744a2dd01cb07ce9f556d56d6fe451f0c313a and fixed in 6.1.97 with commit 89d7008af4945808677662a630643b5ea89c6e8d
	Issue introduced in 4.19 with commit eb3744a2dd01cb07ce9f556d56d6fe451f0c313a and fixed in 6.6.37 with commit 2d83492259ad746b655f196cd5d1be4b3d0a3782
	Issue introduced in 4.19 with commit eb3744a2dd01cb07ce9f556d56d6fe451f0c313a and fixed in 6.9.8 with commit c542e51306d5f1eba3af84daa005826223382470
	Issue introduced in 4.19 with commit eb3744a2dd01cb07ce9f556d56d6fe451f0c313a and fixed in 6.10 with commit 7aa9b96e9a73e4ec1771492d0527bd5fc5ef9164

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-42092
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/gpio/gpio-davinci.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/a8d78984fdc105bc1a38b73e98d32b1bc4222684
	https://git.kernel.org/stable/c/cd75721984337c38a12aeca33ba301d31ca4b3fd
	https://git.kernel.org/stable/c/e44a83bf15c4db053ac6dfe96a23af184c9136d9
	https://git.kernel.org/stable/c/70b48899f3f23f98a52c5b1060aefbdc7ba7957b
	https://git.kernel.org/stable/c/89d7008af4945808677662a630643b5ea89c6e8d
	https://git.kernel.org/stable/c/2d83492259ad746b655f196cd5d1be4b3d0a3782
	https://git.kernel.org/stable/c/c542e51306d5f1eba3af84daa005826223382470
	https://git.kernel.org/stable/c/7aa9b96e9a73e4ec1771492d0527bd5fc5ef9164