ACK: [SRU][F][PATCH v2 0/3] CVE-2021-47101

Manuel Diewald manuel.diewald at canonical.com
Mon Oct 28 13:56:29 UTC 2024 

On Mon, Oct 28, 2024 at 04:41:37PM +0900, Koichiro Den wrote:
> [Impact]
> 
> asix: fix uninit-value in asix_mdio_read()
> 
> asix_read_cmd() may read less than sizeof(smsr) bytes and in this case
> smsr will be uninitialized.
> 
> Fail log:
> BUG: KMSAN: uninit-value in asix_check_host_enable drivers/net/usb/asix_common.c:82 [inline]
> BUG: KMSAN: uninit-value in asix_check_host_enable drivers/net/usb/asix_common.c:82 [inline] drivers/net/usb/asix_common.c:497
> BUG: KMSAN: uninit-value in asix_mdio_read+0x3c1/0xb00 drivers/net/usb/asix_common.c:497 drivers/net/usb/asix_common.c:497
>  asix_check_host_enable drivers/net/usb/asix_common.c:82 [inline]
>  asix_check_host_enable drivers/net/usb/asix_common.c:82 [inline] drivers/net/usb/asix_common.c:497
>  asix_mdio_read+0x3c1/0xb00 drivers/net/usb/asix_common.c:497 drivers/net/usb/asix_common.c:497
> 
> [Fix]
> 
> Noble:  not affected
> Jammy:  fixed via stable
> Focal:  Clean cherry-pick following two prereq commits backporting
> Bionic: fix sent to esm ML
> Xenial: not affected
> Trusty: not affected
> 
> [Test Case]
> 
> Compile tested / Smatch tested on the changed file (with amd64 generic config) [*]
> 
> [*]: warn message found, which is irrelevant to the CVE backport.
>      $ kchecker drivers/net/usb/asix_common.c
>        --(snip)--
>        CHECK   drivers/net/usb/asix_common.c
>      drivers/net/usb/asix_common.c:634 asix_get_eeprom() warn: potential spectre issue 'eeprom_buff' [w]
> 
> [Where problems could occur]
> 
> This backport affects those who use ASIX USB Ethernet devices, an issue
> with it would be visible to the user via unpredicted system behavior or
> a system crash especially if some sort of regression will be found for
> the prerequisite fix commit in the future.
> 
> [Notes]
> 
> v2:
>   - Pull a follow-up fix commit from upstream that fixes the first prerequisite
>     commit "net: asix: fix uninit value bugs". Also, fix [Impact] section in this cover letter.
> 
> Pavel Skripkin (3):
>   net: asix: fix uninit value bugs
>   asix: fix wrong return value in asix_check_host_enable()
>   asix: fix uninit-value in asix_mdio_read()
> 
>  drivers/net/usb/asix_common.c | 73 ++++++++++++++++-------------------
>  1 file changed, 33 insertions(+), 40 deletions(-)
> 
> -- 
> 2.43.0
> 
> 
> -- 
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team

Acked-by: Manuel Diewald <manuel.diewald at canonical.com>

-- 
 Manuel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20241028/6e15b6c5/attachment.sig>

More information about the kernel-team mailing list