[SRU][F][PATCH v2 0/3] CVE-2021-47101

Koichiro Den koichiro.den at canonical.com
Mon Oct 28 07:41:37 UTC 2024 

[Impact]

asix: fix uninit-value in asix_mdio_read()

asix_read_cmd() may read less than sizeof(smsr) bytes and in this case
smsr will be uninitialized.

Fail log:
BUG: KMSAN: uninit-value in asix_check_host_enable drivers/net/usb/asix_common.c:82 [inline]
BUG: KMSAN: uninit-value in asix_check_host_enable drivers/net/usb/asix_common.c:82 [inline] drivers/net/usb/asix_common.c:497
BUG: KMSAN: uninit-value in asix_mdio_read+0x3c1/0xb00 drivers/net/usb/asix_common.c:497 drivers/net/usb/asix_common.c:497
 asix_check_host_enable drivers/net/usb/asix_common.c:82 [inline]
 asix_check_host_enable drivers/net/usb/asix_common.c:82 [inline] drivers/net/usb/asix_common.c:497
 asix_mdio_read+0x3c1/0xb00 drivers/net/usb/asix_common.c:497 drivers/net/usb/asix_common.c:497

[Fix]

Noble:  not affected
Jammy:  fixed via stable
Focal:  Clean cherry-pick following two prereq commits backporting
Bionic: fix sent to esm ML
Xenial: not affected
Trusty: not affected

[Test Case]

Compile tested / Smatch tested on the changed file (with amd64 generic config) [*]

[*]: warn message found, which is irrelevant to the CVE backport.
     $ kchecker drivers/net/usb/asix_common.c
       --(snip)--
       CHECK   drivers/net/usb/asix_common.c
     drivers/net/usb/asix_common.c:634 asix_get_eeprom() warn: potential spectre issue 'eeprom_buff' [w]

[Where problems could occur]

This backport affects those who use ASIX USB Ethernet devices, an issue
with it would be visible to the user via unpredicted system behavior or
a system crash especially if some sort of regression will be found for
the prerequisite fix commit in the future.

[Notes]

v2:
  - Pull a follow-up fix commit from upstream that fixes the first prerequisite
    commit "net: asix: fix uninit value bugs". Also, fix [Impact] section in this cover letter.

Pavel Skripkin (3):
  net: asix: fix uninit value bugs
  asix: fix wrong return value in asix_check_host_enable()
  asix: fix uninit-value in asix_mdio_read()

 drivers/net/usb/asix_common.c | 73 ++++++++++++++++-------------------
 1 file changed, 33 insertions(+), 40 deletions(-)

-- 
2.43.0

More information about the kernel-team mailing list