cve/published/2024/CVE-2024-50287.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-50287: media: v4l2-tpg: prevent the risk of a division by zero

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 media: v4l2-tpg: prevent the risk of a division by zero

 As reported by Coverity, the logic at tpg_precalculate_line()
 blindly rescales the buffer even when scaled_witdh is equal to
 zero. If this ever happens, this will cause a division by zero.

 Instead, add a WARN_ON_ONCE() to trigger such cases and return
 without doing any precalculation.

 The Linux kernel CVE team has assigned CVE-2024-50287 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 3.18 with commit 63881df94d3ecbb0deafa0b77da62ff2f32961c4 and fixed in 4.19.324 with commit e3c36d0bde309f690ed1f9cd5f7e63b3a513f94a
 	Issue introduced in 3.18 with commit 63881df94d3ecbb0deafa0b77da62ff2f32961c4 and fixed in 5.4.286 with commit 0bfc6e38ee2250f0503d96f1a1de441c31d88715
 	Issue introduced in 3.18 with commit 63881df94d3ecbb0deafa0b77da62ff2f32961c4 and fixed in 5.10.230 with commit 054931ca3cfcb8e8fa036e887d6f379942b02565
 	Issue introduced in 3.18 with commit 63881df94d3ecbb0deafa0b77da62ff2f32961c4 and fixed in 5.15.172 with commit a749c15dccc58d9cbad9cd23bd8ab4b5fa96cf47
 	Issue introduced in 3.18 with commit 63881df94d3ecbb0deafa0b77da62ff2f32961c4 and fixed in 6.1.117 with commit c63c30c9d9f2c8de34b16cd2b8400240533b914e
 	Issue introduced in 3.18 with commit 63881df94d3ecbb0deafa0b77da62ff2f32961c4 and fixed in 6.6.61 with commit 2d0f01aa602fd15a805771bdf3f4d9a9b4df7f47
 	Issue introduced in 3.18 with commit 63881df94d3ecbb0deafa0b77da62ff2f32961c4 and fixed in 6.11.8 with commit 0cdb42ba0b28f548c1a4e86bb8489dba0d78fc21
 	Issue introduced in 3.18 with commit 63881df94d3ecbb0deafa0b77da62ff2f32961c4 and fixed in 6.12 with commit e6a3ea83fbe15d4818d01804e904cbb0e64e543b

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-50287
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/media/common/v4l2-tpg/v4l2-tpg-core.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/e3c36d0bde309f690ed1f9cd5f7e63b3a513f94a
 	https://git.kernel.org/stable/c/0bfc6e38ee2250f0503d96f1a1de441c31d88715
 	https://git.kernel.org/stable/c/054931ca3cfcb8e8fa036e887d6f379942b02565
 	https://git.kernel.org/stable/c/a749c15dccc58d9cbad9cd23bd8ab4b5fa96cf47
 	https://git.kernel.org/stable/c/c63c30c9d9f2c8de34b16cd2b8400240533b914e
 	https://git.kernel.org/stable/c/2d0f01aa602fd15a805771bdf3f4d9a9b4df7f47
 	https://git.kernel.org/stable/c/0cdb42ba0b28f548c1a4e86bb8489dba0d78fc21
 	https://git.kernel.org/stable/c/e6a3ea83fbe15d4818d01804e904cbb0e64e543b
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-50287: media: v4l2-tpg: prevent the risk of a division by zero

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	media: v4l2-tpg: prevent the risk of a division by zero

	As reported by Coverity, the logic at tpg_precalculate_line()
	blindly rescales the buffer even when scaled_witdh is equal to
	zero. If this ever happens, this will cause a division by zero.

	Instead, add a WARN_ON_ONCE() to trigger such cases and return
	without doing any precalculation.

	The Linux kernel CVE team has assigned CVE-2024-50287 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 3.18 with commit 63881df94d3ecbb0deafa0b77da62ff2f32961c4 and fixed in 4.19.324 with commit e3c36d0bde309f690ed1f9cd5f7e63b3a513f94a
	Issue introduced in 3.18 with commit 63881df94d3ecbb0deafa0b77da62ff2f32961c4 and fixed in 5.4.286 with commit 0bfc6e38ee2250f0503d96f1a1de441c31d88715
	Issue introduced in 3.18 with commit 63881df94d3ecbb0deafa0b77da62ff2f32961c4 and fixed in 5.10.230 with commit 054931ca3cfcb8e8fa036e887d6f379942b02565
	Issue introduced in 3.18 with commit 63881df94d3ecbb0deafa0b77da62ff2f32961c4 and fixed in 5.15.172 with commit a749c15dccc58d9cbad9cd23bd8ab4b5fa96cf47
	Issue introduced in 3.18 with commit 63881df94d3ecbb0deafa0b77da62ff2f32961c4 and fixed in 6.1.117 with commit c63c30c9d9f2c8de34b16cd2b8400240533b914e
	Issue introduced in 3.18 with commit 63881df94d3ecbb0deafa0b77da62ff2f32961c4 and fixed in 6.6.61 with commit 2d0f01aa602fd15a805771bdf3f4d9a9b4df7f47
	Issue introduced in 3.18 with commit 63881df94d3ecbb0deafa0b77da62ff2f32961c4 and fixed in 6.11.8 with commit 0cdb42ba0b28f548c1a4e86bb8489dba0d78fc21
	Issue introduced in 3.18 with commit 63881df94d3ecbb0deafa0b77da62ff2f32961c4 and fixed in 6.12 with commit e6a3ea83fbe15d4818d01804e904cbb0e64e543b

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-50287
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/media/common/v4l2-tpg/v4l2-tpg-core.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/e3c36d0bde309f690ed1f9cd5f7e63b3a513f94a
	https://git.kernel.org/stable/c/0bfc6e38ee2250f0503d96f1a1de441c31d88715
	https://git.kernel.org/stable/c/054931ca3cfcb8e8fa036e887d6f379942b02565
	https://git.kernel.org/stable/c/a749c15dccc58d9cbad9cd23bd8ab4b5fa96cf47
	https://git.kernel.org/stable/c/c63c30c9d9f2c8de34b16cd2b8400240533b914e
	https://git.kernel.org/stable/c/2d0f01aa602fd15a805771bdf3f4d9a9b4df7f47
	https://git.kernel.org/stable/c/0cdb42ba0b28f548c1a4e86bb8489dba0d78fc21
	https://git.kernel.org/stable/c/e6a3ea83fbe15d4818d01804e904cbb0e64e543b