cve/published/2024/CVE-2024-43824.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-43824: PCI: endpoint: pci-epf-test: Make use of cached 'epc_features' in pci_epf_test_core_init()

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 PCI: endpoint: pci-epf-test: Make use of cached 'epc_features' in pci_epf_test_core_init()

 Instead of getting the epc_features from pci_epc_get_features() API, use
 the cached pci_epf_test::epc_features value to avoid the NULL check. Since
 the NULL check is already performed in pci_epf_test_bind(), having one more
 check in pci_epf_test_core_init() is redundant and it is not possible to
 hit the NULL pointer dereference.

 Also with commit a01e7214bef9 ("PCI: endpoint: Remove "core_init_notifier"
 flag"), 'epc_features' got dereferenced without the NULL check, leading to
 the following false positive Smatch warning:

   drivers/pci/endpoint/functions/pci-epf-test.c:784 pci_epf_test_core_init() error: we previously assumed 'epc_features' could be null (see line 747)

 Thus, remove the redundant NULL check and also use the epc_features::
 {msix_capable/msi_capable} flags directly to avoid local variables.

 [kwilczynski: commit log]

 The Linux kernel CVE team has assigned CVE-2024-43824 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 5.7 with commit 5e50ee27d4a52a817ab152128c48690ec7c5cdf1 and fixed in 6.10.3 with commit af4ad016abb1632ff7ee598a6037952b495e5b80
 	Issue introduced in 5.7 with commit 5e50ee27d4a52a817ab152128c48690ec7c5cdf1 and fixed in 6.11 with commit 5a5095a8bd1bd349cce1c879e5e44407a34dda8a

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-43824
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/pci/endpoint/functions/pci-epf-test.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/af4ad016abb1632ff7ee598a6037952b495e5b80
 	https://git.kernel.org/stable/c/5a5095a8bd1bd349cce1c879e5e44407a34dda8a
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-43824: PCI: endpoint: pci-epf-test: Make use of cached 'epc_features' in pci_epf_test_core_init()

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	PCI: endpoint: pci-epf-test: Make use of cached 'epc_features' in pci_epf_test_core_init()

	Instead of getting the epc_features from pci_epc_get_features() API, use
	the cached pci_epf_test::epc_features value to avoid the NULL check. Since
	the NULL check is already performed in pci_epf_test_bind(), having one more
	check in pci_epf_test_core_init() is redundant and it is not possible to
	hit the NULL pointer dereference.

	Also with commit a01e7214bef9 ("PCI: endpoint: Remove "core_init_notifier"
	flag"), 'epc_features' got dereferenced without the NULL check, leading to
	the following false positive Smatch warning:

	drivers/pci/endpoint/functions/pci-epf-test.c:784 pci_epf_test_core_init() error: we previously assumed 'epc_features' could be null (see line 747)

	Thus, remove the redundant NULL check and also use the epc_features::
	{msix_capable/msi_capable} flags directly to avoid local variables.

	[kwilczynski: commit log]

	The Linux kernel CVE team has assigned CVE-2024-43824 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 5.7 with commit 5e50ee27d4a52a817ab152128c48690ec7c5cdf1 and fixed in 6.10.3 with commit af4ad016abb1632ff7ee598a6037952b495e5b80
	Issue introduced in 5.7 with commit 5e50ee27d4a52a817ab152128c48690ec7c5cdf1 and fixed in 6.11 with commit 5a5095a8bd1bd349cce1c879e5e44407a34dda8a

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-43824
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/pci/endpoint/functions/pci-epf-test.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/af4ad016abb1632ff7ee598a6037952b495e5b80
	https://git.kernel.org/stable/c/5a5095a8bd1bd349cce1c879e5e44407a34dda8a