[SRU][F/J][PATCH 0/1] CVE-2024-49925
Massimiliano Pellizzer
massimiliano.pellizzer at canonical.com
Wed Feb 5 15:26:10 UTC 2025
[Impact]
fbdev: efifb: Register sysfs groups through driver core
The driver core can register and cleanup sysfs groups already.
Make use of that functionality to simplify the error handling and
cleanup.
Also avoid a UAF race during unregistering where the sysctl attributes
were usable after the info struct was freed.
[Fix]
Oracular: Fixed via upstream stable updates (LP: #2089052)
Noble: Fixed via upstream stable updates (LP: #2089884)
Jammy: Backported from mainline
Focal: Backported from mainline
[Test Case]
Compile and boot tested on a laptop with UEFI enabled:
$ sudo dmesg | grep -i "efifb\|fb0"
[ 0.408128] pci 0000:04:00.0: BAR 0: assigned to efifb
[ 0.605730] efifb: probing for efifb
[ 0.605763] efifb: showing boot graphics
[ 0.607766] efifb: framebuffer at 0xfce0000000, using 8100k, total 8100k
[ 0.607768] efifb: mode is 1920x1080x32, linelength=7680, pages=1
[ 0.607770] efifb: scrolling: redraw
[ 0.607771] efifb: Truecolor: size=8:8:8:8, shift=24:16:8:0
[ 0.607851] fb0: EFI VGA frame buffer device
[Where problems could occur]
The fix affects the EFI framebuffer driver. An issue with this fix may
lead to kernel crashes, incorrect handling of sysfs attributes related
to the framebuffer device, or failures in device registration and
cleanup. This could result in a non-functional console framebuffer output
during system boot.
Thomas Weißschuh (1):
fbdev: efifb: Register sysfs groups through driver core
drivers/video/fbdev/efifb.c | 11 ++---------
1 file changed, 2 insertions(+), 9 deletions(-)
--
2.43.0