From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5465936124 for ; Mon, 18 Mar 2024 10:15:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1710756905; cv=none; b=SqaAoA++kigf+up0PvsxgFsdyUEKbJtNnw/7XTWYLXSh6zg3mLkkXQbuwqvxdoE0qlLNM4nOzcOs5Htx7+CBVEm4v/6/6eAtrxDMQaMbOuVWOY0WoE85CuMUAZwQUUpu0FggOkCKHTHLXsVPWVPAG81id51aV1ZhEEZVkOJy0MQ= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1710756905; c=relaxed/simple; bh=mYchYbJUv47Z04cdeHPsCuEM8bNNOqpOK1Qsqpylq+w=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=aUKo8gdp9IY+Udvmn2lyAEoqybUPLrk8YYXeh8ihfaAqngAUPVvfjFWWTUPIVCqBt8gdXDV6ysFqwcXgdlxSzvB1sCGe16XThiyhg1dlvgqaIG7NAowxLPZeIpd5bit0ttVkMRPPq9oGEJYl6c0zcbMemTzhAyjXKwlC+nepbF4= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=rd4Sgmge; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="rd4Sgmge" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4B68EC433C7; Mon, 18 Mar 2024 10:15:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1710756905; bh=mYchYbJUv47Z04cdeHPsCuEM8bNNOqpOK1Qsqpylq+w=; h=From:To:Cc:Subject:Date:Reply-to:From; b=rd4Sgmge5y+qWd/SIwK7Iz7IPstKV0L6MsNN3Mow+JrGhDged41xuxjoTjMC/ovxu lxxtQ8fvAgwKQ2Aa3Hp1HmWg2UpK05j+Q8YpgzjJLAzcN5WKdPNcZmME9DVs+y5fGS QVVO/jeFvRTi39QguVyMG19zy6k15NRmpK5uYJUfYsVi9/vGT79p6vIQ/ss0ImfxiE lDKEAEpuyXbt/6TZ4nLUN4V1DtnW4GH+LybMOlfPsKsUXqFSgeBmiwRTxUN6XFRjni s0V7HYsTbdZjBR8m98C+K6XI0zgn356kjYY2r0wnLcZ9cq7oX+jGvQiTLhCfAPBjug eoYIuncrmy+RQ== From: Lee Jones To: linux-cve-announce@vger.kernel.org Cc: Lee Jones Subject: CVE-2023-52614: PM / devfreq: Fix buffer overflow in trans_stat_show Date: Mon, 18 Mar 2024 10:14:59 +0000 Message-ID: <20240318101458.2835626-9-lee@kernel.org> X-Mailer: git-send-email 2.44.0.291.gc1ea87d7ee-goog Precedence: bulk X-Mailing-List: linux-cve-announce@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Reply-to: , X-Developer-Signature: v=1; a=openpgp-sha256; l=2669; i=lee@kernel.org; h=from:subject; bh=mYchYbJUv47Z04cdeHPsCuEM8bNNOqpOK1Qsqpylq+w=; b=owEBbQKS/ZANAwAKAVGvii+H/HdhAcsmYgBl+BQimoWkK1Lm1FtrUG/bD8sS6nwu9VpXX6HhY UAVPMnQQwSJAjMEAAEKAB0WIQR2tsk1o74gmpTwh0hRr4ovh/x3YQUCZfgUIgAKCRBRr4ovh/x3 YUfdD/9xOMbsewM78tNMVMoCqS89zgAFy/REFaTUUGFyb3+shVztLHuQun0qUe7mKGcEreSGeic lXt41A5CjFSdJ+O3vZ81AD7YYtdeSswu/f2TgW0dDklyxd94WDKHPTRaBiz3MnaRjkln6a66jve nKVhwdwC+SF9j4mpnMcmUZ9yxdZ/5mAirLgEbRBRo3dW5YrBfomn44dkNzYRqFWtsoY7SdAY8wI hhUbxHHr9o7Gaz2sfHhyoHKqoUOVP6oRDDp7q80ehKDhD7/r2twLoVKP87d3DkgzPoXA190PJZy ++M/KfK6VIF8ZutP/DTi4UREO6LxakYCPUDO3doZW4/QV4h8z0ZrVOvXBHHc4xJgsvIcocZEB5u FnQRK2ANmB95Z+3CHaws/iHYXsITNSIh6JmzR58VKRluFVBUxjnWtcIBkMVSv6RxfC4QJZ9ySC3 NT6L0gffje1vjHtwA1B1rtSl5lBgXVq1YvWbVV9tImOG5Gvddi4RQ4WoR/UxMCSnB1g9Zl3IjcW IyCBHbrukH3KCfPl87CBTXmvcvmTYVx6Q1bQmX1Ax2X6gZcMVDrIDhKiEDLEiTw72YRZtFUWjMk GQnkyFCVpyNxkWhX2t5Tv4Em+x4aL0jayqZ9ImV6k4GklzRfnSEgx4XPmYxLeqer+atrjZHJDvZ AS5Gbt/0uVXlN8w== X-Developer-Key: i=lee@kernel.org; a=openpgp; fpr=76B6C935A3BE209A94F0874851AF8A2F87FC7761 Content-Transfer-Encoding: 8bit Description =========== In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Fix buffer overflow in trans_stat_show Fix buffer overflow in trans_stat_show(). Convert simple snprintf to the more secure scnprintf with size of PAGE_SIZE. Add condition checking if we are exceeding PAGE_SIZE and exit early from loop. Also add at the end a warning that we exceeded PAGE_SIZE and that stats is disabled. Return -EFBIG in the case where we don't have enough space to write the full transition table. Also document in the ABI that this function can return -EFBIG error. The Linux kernel CVE team has assigned CVE-2023-52614 to this issue. Affected and fixed versions =========================== Issue introduced in 3.8 with commit e552bbaf5b98 and fixed in 5.15.149 with commit 796d3fad8c35 Issue introduced in 3.8 with commit e552bbaf5b98 and fixed in 6.1.76 with commit 8a7729cda2dd Issue introduced in 3.8 with commit e552bbaf5b98 and fixed in 6.6.15 with commit a979f56aa4b9 Issue introduced in 3.8 with commit e552bbaf5b98 and fixed in 6.7.3 with commit eaef4650fa20 Issue introduced in 3.8 with commit e552bbaf5b98 and fixed in 6.8 with commit 08e23d05fa6d Please see https://www.kernel.org or a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-52614 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: Documentation/ABI/testing/sysfs-class-devfreq drivers/devfreq/devfreq.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/796d3fad8c35ee9df9027899fb90ceaeb41b958f https://git.kernel.org/stable/c/8a7729cda2dd276d7a3994638038fb89035b6f2c https://git.kernel.org/stable/c/a979f56aa4b93579cf0e4265ae04d7e9300fd3e8 https://git.kernel.org/stable/c/eaef4650fa2050147ca25fd7ee43bc0082e03c87 https://git.kernel.org/stable/c/08e23d05fa6dc4fc13da0ccf09defdd4bbc92ff4