[SRU][N][PATCH 1/1] hwmon: (nct6775-core) Fix underflows seen when writing limit attributes

Bethany Jamison bethany.jamison at canonical.com
Fri Oct 11 19:47:50 UTC 2024


From: Guenter Roeck <linux at roeck-us.net>

[ Upstream commit 0403e10bf0824bf0ec2bb135d4cf1c0cc3bf4bf0 ]

DIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large
negative number such as -9223372036854775808 is provided by the user.
Fix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.

Signed-off-by: Guenter Roeck <linux at roeck-us.net>
Signed-off-by: Sasha Levin <sashal at kernel.org>
(cherry picked from commit 996221b030995cc5f5baa4a642201d64b62a17cd linux-6.10.y)
CVE-2024-46757
Signed-off-by: Bethany Jamison <bethany.jamison at canonical.com>
---
 drivers/hwmon/nct6775-core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/hwmon/nct6775-core.c b/drivers/hwmon/nct6775-core.c
index 9fbab8f023340..934fed3dd5866 100644
--- a/drivers/hwmon/nct6775-core.c
+++ b/drivers/hwmon/nct6775-core.c
@@ -2262,7 +2262,7 @@ store_temp_offset(struct device *dev, struct device_attribute *attr,
 	if (err < 0)
 		return err;
 
-	val = clamp_val(DIV_ROUND_CLOSEST(val, 1000), -128, 127);
+	val = DIV_ROUND_CLOSEST(clamp_val(val, -128000, 127000), 1000);
 
 	mutex_lock(&data->update_lock);
 	data->temp_offset[nr] = val;
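Review bot: the new bounds -128000 and 127000 on the replaced assignment in store_temp_offset() are bare literals whose link to the -128..127 range of the removed line is no longer visible in the code. A one-line comment above the assignment saying that the clamp must come before DIV_ROUND_CLOSEST() would keep a later cleanup from restoring the old order. Spelling the bounds as -128 * 1000 and 127 * 1000 would also help. Separately, the subject speaks of "limit attributes" in the plural while this hunk touches a single store function, so it is worth confirming during review that no other store path in the file still divides the kstrtol() result before clamping it.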
-- 
2.34.1
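The ordering problem the commit message describes, as an added user-space example that is not part of the patch or of the kernel source. The helper names (`div_round_closest_checked`, `clamp_long`, `offset_old_order`, `offset_new_order`) are hypothetical models of the kernel macros, and the GCC/Clang overflow builtins are used so the overflow is reported instead of executed.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Model of the kernel's DIV_ROUND_CLOSEST() for signed long operands.
 * Returns false when the intermediate x +/- d/2 would overflow, instead of
 * executing the undefined signed overflow. */
static bool div_round_closest_checked(long x, long d, long *out)
{
	long t;
	bool ovf = ((x > 0) == (d > 0)) ? __builtin_add_overflow(x, d / 2, &t)
					: __builtin_sub_overflow(x, d / 2, &t);
	if (ovf)
		return false;
	*out = t / d;
	return true;
}

static long clamp_long(long v, long lo, long hi)
{
	return v < lo ? lo : (v > hi ? hi : v);
}

/* Order before the patch: divide first, clamp afterwards. */
static bool offset_old_order(long val, long *out)
{
	long q;
	if (!div_round_closest_checked(val, 1000, &q))
		return false;
	*out = clamp_long(q, -128, 127);
	return true;
}

/* Order after the patch: clamp the scaled value, then divide. */
static bool offset_new_order(long val, long *out)
{
	return div_round_closest_checked(clamp_long(val, -128000, 127000), 1000, out);
}

int main(void)
{
	long in[] = { LONG_MIN, -1500, 1500 }, r;  /* constructed inputs */
	for (int i = 0; i < 3; i++) {
		bool ok_old = offset_old_order(in[i], &r);
		printf("%ld: old %s", in[i], ok_old ? "ok" : "OVERFLOW");
		offset_new_order(in[i], &r);
		printf(", new -> %ld\n", r);
	}
	return 0;
}
```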



