[SRU][N][PATCH 1/1] hwmon: (w83627ehf) Fix underflows seen when writing limit attributes
Bethany Jamison
bethany.jamison at canonical.com
Thu Oct 10 19:11:04 UTC 2024
From: Guenter Roeck <linux at roeck-us.net>
[ Upstream commit 5c1de37969b7bc0abcb20b86e91e70caebbd4f89 ]
DIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large
negative number such as -9223372036854775808 is provided by the user.
Fix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.
Signed-off-by: Guenter Roeck <linux at roeck-us.net>
Signed-off-by: Sasha Levin <sashal at kernel.org>
(cherry picked from commit 26825b62bd1bd3e53b4f44e0745cb516d5186343 linux-6.10.y)
CVE-2024-46756
Signed-off-by: Bethany Jamison <bethany.jamison at canonical.com>
---
drivers/hwmon/w83627ehf.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/hwmon/w83627ehf.c b/drivers/hwmon/w83627ehf.c
index fe960c0a624f7..7d7d70afde655 100644
--- a/drivers/hwmon/w83627ehf.c
+++ b/drivers/hwmon/w83627ehf.c
@@ -895,7 +895,7 @@ store_target_temp(struct device *dev, struct device_attribute *attr,
if (err < 0)
return err;
- val = clamp_val(DIV_ROUND_CLOSEST(val, 1000), 0, 127);
+ val = DIV_ROUND_CLOSEST(clamp_val(val, 0, 127000), 1000);
mutex_lock(&data->update_lock);
data->target_temp[nr] = val;
@@ -920,7 +920,7 @@ store_tolerance(struct device *dev, struct device_attribute *attr,
return err;
/* Limit the temp to 0C - 15C */
- val = clamp_val(DIV_ROUND_CLOSEST(val, 1000), 0, 15);
+ val = DIV_ROUND_CLOSEST(clamp_val(val, 0, 15000), 1000);
mutex_lock(&data->update_lock);
reg = w83627ehf_read_value(data, W83627EHF_REG_TOLERANCE[nr]);
--
2.34.1
More information about the kernel-team
mailing list