cve/published/2024/CVE-2024-46859.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-46859: platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses

 The panasonic laptop code in various places uses the SINF array with index
 values of 0 - SINF_CUR_BRIGHT(0x0d) without checking that the SINF array
 is big enough.

 Not all panasonic laptops have this many SINF array entries, for example
 the Toughbook CF-18 model only has 10 SINF array entries. So it only
 supports the AC+DC brightness entries and mute.

 Check that the SINF array has a minimum size which covers all AC+DC
 brightness entries and refuse to load if the SINF array is smaller.

 For higher SINF indexes hide the sysfs attributes when the SINF array
 does not contain an entry for that attribute, avoiding show()/store()
 accessing the array out of bounds and add bounds checking to the probe()
 and resume() code accessing these.

 The Linux kernel CVE team has assigned CVE-2024-46859 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 3.3 with commit e424fb8cc4e6634c10f8159b1ff5618cf7bab9c6 and fixed in 5.15.168 with commit b7c2f692307fe704be87ea80d7328782b33c3cef
 	Issue introduced in 3.3 with commit e424fb8cc4e6634c10f8159b1ff5618cf7bab9c6 and fixed in 6.1.111 with commit 9291fadbd2720a869b1d2fcf82305648e2e62a16
 	Issue introduced in 3.3 with commit e424fb8cc4e6634c10f8159b1ff5618cf7bab9c6 and fixed in 6.6.52 with commit 6821a82616f60aa72c5909b3e252ad97fb9f7e2a
 	Issue introduced in 3.3 with commit e424fb8cc4e6634c10f8159b1ff5618cf7bab9c6 and fixed in 6.10.11 with commit b38c19783286a71693c2194ed1b36665168c09c4
 	Issue introduced in 3.3 with commit e424fb8cc4e6634c10f8159b1ff5618cf7bab9c6 and fixed in 6.11 with commit f52e98d16e9bd7dd2b3aef8e38db5cbc9899d6a4

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-46859
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/platform/x86/panasonic-laptop.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/b7c2f692307fe704be87ea80d7328782b33c3cef
 	https://git.kernel.org/stable/c/9291fadbd2720a869b1d2fcf82305648e2e62a16
 	https://git.kernel.org/stable/c/6821a82616f60aa72c5909b3e252ad97fb9f7e2a
 	https://git.kernel.org/stable/c/b38c19783286a71693c2194ed1b36665168c09c4
 	https://git.kernel.org/stable/c/f52e98d16e9bd7dd2b3aef8e38db5cbc9899d6a4
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-46859: platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses

	The panasonic laptop code in various places uses the SINF array with index
	values of 0 - SINF_CUR_BRIGHT(0x0d) without checking that the SINF array
	is big enough.

	Not all panasonic laptops have this many SINF array entries, for example
	the Toughbook CF-18 model only has 10 SINF array entries. So it only
	supports the AC+DC brightness entries and mute.

	Check that the SINF array has a minimum size which covers all AC+DC
	brightness entries and refuse to load if the SINF array is smaller.

	For higher SINF indexes hide the sysfs attributes when the SINF array
	does not contain an entry for that attribute, avoiding show()/store()
	accessing the array out of bounds and add bounds checking to the probe()
	and resume() code accessing these.

	The Linux kernel CVE team has assigned CVE-2024-46859 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 3.3 with commit e424fb8cc4e6634c10f8159b1ff5618cf7bab9c6 and fixed in 5.15.168 with commit b7c2f692307fe704be87ea80d7328782b33c3cef
	Issue introduced in 3.3 with commit e424fb8cc4e6634c10f8159b1ff5618cf7bab9c6 and fixed in 6.1.111 with commit 9291fadbd2720a869b1d2fcf82305648e2e62a16
	Issue introduced in 3.3 with commit e424fb8cc4e6634c10f8159b1ff5618cf7bab9c6 and fixed in 6.6.52 with commit 6821a82616f60aa72c5909b3e252ad97fb9f7e2a
	Issue introduced in 3.3 with commit e424fb8cc4e6634c10f8159b1ff5618cf7bab9c6 and fixed in 6.10.11 with commit b38c19783286a71693c2194ed1b36665168c09c4
	Issue introduced in 3.3 with commit e424fb8cc4e6634c10f8159b1ff5618cf7bab9c6 and fixed in 6.11 with commit f52e98d16e9bd7dd2b3aef8e38db5cbc9899d6a4

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-46859
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/platform/x86/panasonic-laptop.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/b7c2f692307fe704be87ea80d7328782b33c3cef
	https://git.kernel.org/stable/c/9291fadbd2720a869b1d2fcf82305648e2e62a16
	https://git.kernel.org/stable/c/6821a82616f60aa72c5909b3e252ad97fb9f7e2a
	https://git.kernel.org/stable/c/b38c19783286a71693c2194ed1b36665168c09c4
	https://git.kernel.org/stable/c/f52e98d16e9bd7dd2b3aef8e38db5cbc9899d6a4