[SRU][N][PATCH 0/1] CVE-2024-35992
Bethany Jamison
bethany.jamison at canonical.com
Mon Jun 24 22:50:19 UTC 2024
[Impact]

phy: marvell: a3700-comphy: Fix out of bounds read

There is an out of bounds read access of 'gbe_phy_init_fix[fix_idx].addr'
every iteration after 'fix_idx' reaches 'ARRAY_SIZE(gbe_phy_init_fix)'.

Make sure 'gbe_phy_init[addr]' is used when all elements of
'gbe_phy_init_fix' array are handled.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

[Fix]

Noble: Clean cherry-pick from linux-6.8.y
Jammy: not affected
Focal: not affected
Bionic: not affected
Xenial: not affected
Trusty: not affected

[Test Case]

Compile and boot tested

[Where problems could occur]
This fix affects those who use the driver for the Marvell
physical layer. An issue with this fix would be visible to
the user via unexpected system behavior or a system crash.
Mikhail Kobuk (1):
phy: marvell: a3700-comphy: Fix out of bounds read
drivers/phy/marvell/phy-mvebu-a3700-comphy.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
--
2.34.1
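
Added example, not part of the original message and not the driver's code: a reduced model of the loop described under [Impact], showing why every iteration after 'fix_idx' reaches 'ARRAY_SIZE(gbe_phy_init_fix)' indexes past the array, and how checking the index first avoids it. The table contents, 'N_REGS', 'struct reg_fix' and its 'value' field, 'fix_addr_at()' and 'build_table()' are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))
#define N_REGS 8 /* constructed size for the example */

struct reg_fix { uint16_t addr, value; }; /* layout is an assumption */
/* Constructed sample tables, not the driver's data. */
static const uint16_t gbe_phy_init[N_REGS] = {
    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 };
static const struct reg_fix gbe_phy_init_fix[] = { {1, 0xA1}, {3, 0xA3} };

static size_t oob_reads; /* reads at or past the end of the fix table */

/* Stand-in for gbe_phy_init_fix[idx].addr: counts an out-of-bounds
 * index instead of performing the undefined read. */
static uint16_t fix_addr_at(size_t idx)
{
    if (idx >= ARRAY_SIZE(gbe_phy_init_fix)) {
        oob_reads++;
        return 0xFFFF; /* a real read returns whatever follows the array */
    }
    return gbe_phy_init_fix[idx].addr;
}

/* Merge the fix entries over the defaults; returns the OOB read count.
 * checked == 0 models the loop before the fix, checked == 1 after it. */
static size_t build_table(uint16_t out[N_REGS], int checked)
{
    size_t fix_idx = 0;
    oob_reads = 0;
    for (uint16_t addr = 0; addr < N_REGS; addr++) {
        if ((!checked || fix_idx < ARRAY_SIZE(gbe_phy_init_fix)) &&
            fix_addr_at(fix_idx) == addr)
            out[addr] = gbe_phy_init_fix[fix_idx++].value;
        else
            out[addr] = gbe_phy_init[addr];
    }
    return oob_reads;
}

int main(void)
{
    uint16_t t[N_REGS];
    printf("OOB reads before fix: %zu\n", build_table(t, 0));
    printf("OOB reads after fix:  %zu\n", build_table(t, 1));
    return 0;
}
```

In this model the stray reads return a sentinel that never matches, so both variants produce the same table; in real code the bytes after the array are arbitrary and a chance match would also pull an out-of-bounds value into the register write.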