APPLIED: [SRU][F][PATCH 0/1] CVE-2023-52614

Stefan Bader stefan.bader at canonical.com
Wed Sep 25 09:55:53 UTC 2024


On 09.09.24 03:54, Koichiro Den wrote:
> [Impact]
> 
> PM / devfreq: Fix buffer overflow in trans_stat_show
> 
> Fix buffer overflow in trans_stat_show().
> 
> Convert simple snprintf to the more secure scnprintf with size of
> PAGE_SIZE.
> 
> Add condition checking if we are exceeding PAGE_SIZE and exit early from
> loop. Also add at the end a warning that we exceeded PAGE_SIZE and that
> stats is disabled.
> 
> Return -EFBIG in the case where we don't have enough space to write the
> full transition table.
> 
> Also document in the ABI that this function can return -EFBIG error.
> 
> [Backport]
> 
> I crafted a custom diff that suits our tree to avoid unnecessary changes
> and new features. The key dependencies missing from our tree are
> as follows:
> - commit b5d281f6c16d ("PM / devfreq: Rework freq_table to be local to devfreq struct")
> - commit a03dacb0316f ("PM / devfreq: Add cpu based scaling support to passive governor")
> - commit 483d557ee9a3 ("PM / devfreq: Clean up the devfreq instance name in sysfs attr")
> - commit 1ebd0bc0e8ad ("PM / devfreq: Move statistics to separate struct devfreq_stats")
> - commit 14a343968199 ("PM / devfreq: Add clearing transitions stats")
> - commit b76b3479dab9 ("PM / devfreq: Change time stats to 64-bit")
> - commit 5c0f6c795957 ("PM / devfreq: Add new interrupt_driven flag for governors")
> 
> [Fix]
> 
> Noble:  fixed via stable
> Jammy:  fixed via stable
> Focal:  Backport - crafted diff manually, see [Backport]
> Bionic: fix sent to esm ML
> Xenial: fix sent to esm ML
> Trusty: won't fix
> 
> [Test Case]
> 
> Compile and boot tested
> 
> [Where problems could occur]
> 
> This fix affects platforms that provide OPP table and request devfreq
> feature, an issue with this fix would cause buffer overflow when reading
> /sys/class/devfreq/.../trans_stat if the output exceeds PAGE_SIZE.
> 
> 
> Christian Marangi (1):
>    PM / devfreq: Fix buffer overflow in trans_stat_show
> 
>   Documentation/ABI/testing/sysfs-class-devfreq |  2 +
>   drivers/devfreq/devfreq.c                     | 60 +++++++++++++------
>   2 files changed, 43 insertions(+), 19 deletions(-)
> 

Applied to focal:linux/master-next. Thanks.

-Stefan
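
The bounded-formatting pattern the quoted cover letter describes, shown as an added user-space example; it is not the backported patch or kernel code. `demo_scnprintf`, `demo_wouldbe_len`, `demo_trans_stat_show`, the 4096-byte page and the `%10u` cell layout are all assumptions made for illustration.

```c
#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <sys/types.h>

#define DEMO_PAGE_SIZE 4096 /* assumption: 4 KiB page */

/* User-space stand-in for the kernel's scnprintf(): returns the number of
 * characters actually stored (excluding the NUL), never the would-be length. */
static int demo_scnprintf(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (size == 0)
        return 0;
    va_start(ap, fmt);
    n = vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    if (n < 0)
        return 0;
    return (size_t)n >= size ? (int)(size - 1) : n;
}

/* Offset a loop would reach if it accumulated snprintf()'s return value:
 * snprintf reports the untruncated length, so the sum can pass the page.
 * Nothing is written here; the lengths are only counted. */
static size_t demo_wouldbe_len(unsigned int n)
{
    size_t len = 0;

    for (unsigned int i = 0; i < n; i++) {
        for (unsigned int j = 0; j < n; j++)
            len += (size_t)snprintf(NULL, 0, "%10u", i * n + j);
        len += 1; /* row-terminating '\n' */
    }
    return len;
}

/* Bounded rendering of a constructed n x n table: leave both loops once the
 * page is full and return -EFBIG instead of a truncated table. */
static ssize_t demo_trans_stat_show(char *buf, unsigned int n)
{
    ssize_t len = 0;

    for (unsigned int i = 0; i < n && len < DEMO_PAGE_SIZE - 1; i++) {
        for (unsigned int j = 0; j < n && len < DEMO_PAGE_SIZE - 1; j++)
            len += demo_scnprintf(buf + len, DEMO_PAGE_SIZE - len, "%10u", i * n + j);
        len += demo_scnprintf(buf + len, DEMO_PAGE_SIZE - len, "\n");
    }
    return len >= DEMO_PAGE_SIZE - 1 ? -EFBIG : len;
}
```

With this layout a 20 x 20 table (4020 bytes) still fits in the page, while 21 x 21 and larger return `-EFBIG`.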
