From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id BDCD4C6FD20 for ; Fri, 24 Mar 2023 13:40:45 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231802AbjCXNko (ORCPT ); Fri, 24 Mar 2023 09:40:44 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46922 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231864AbjCXNkn (ORCPT ); Fri, 24 Mar 2023 09:40:43 -0400 Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.220.29]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3D2A022785; Fri, 24 Mar 2023 06:40:40 -0700 (PDT) Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id C83DE1FE6B; Fri, 24 Mar 2023 13:40:38 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1679665238; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type; bh=/o2biA8h7/stouQe+BpAQlLZo41s3+FwkTJaWirdfNs=; b=CBasj7B/snzpze3ToXwTE48Dhsy2EWZF0OE6wbi168by79wArBG+oc8U85i9gG/ix4gGDy UJm5OBaXU8D2BxcZPzjn7dGg5dPcfLDD9plZNfr7KIA4VH91OeAEhWPXiMva2VIAK8MXZH bV/S4jAPxTfkXlclcY3jdmBztbGVyTI= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1679665238; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type; bh=/o2biA8h7/stouQe+BpAQlLZo41s3+FwkTJaWirdfNs=; b=btYp+XVg8mflanIy9Ed4jSZN8IJNgB9kkm5LxnTowHnZD4fC0TjtktLQMa4BwgXtagN84a 6ZtxR2l6iMLR2PAw== Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id AC08C133E5; Fri, 24 Mar 2023 13:40:38 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id 3BlXKVaoHWQFMQAAMHmgww (envelope-from ); Fri, 24 Mar 2023 13:40:38 +0000 Date: Fri, 24 Mar 2023 14:40:38 +0100 Message-ID: <87ileq5ktl.wl-tiwai@suse.de> From: Takashi Iwai To: Andy Gross , Bjorn Andersson Cc: linux-arm-msm@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Missing qcom/mdt_loader.c fix for CVE-2022-40540? User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/27.2 Mule/6.0 MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset=US-ASCII Precedence: bulk List-ID: X-Mailing-List: linux-arm-msm@vger.kernel.org Hi, I was asked about the handling for CVE-2022-40540 [*] on SUSE kernels, and through a quick glance, the upstream code still misses the fix. Namely, the downstream fix for the integer overflow check of the firmware size below: https://git.codelinaro.org/clo/la/kernel/msm-5.10/-/commit/dae3214cd3495e5c4b37537cacf665d2cdeaea24 ... can be applied to the current upstream code (as of 6.3-rc3) as far as I understand. Could you guys check it and apply the fix if really needed? Thanks! Takashi [*] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40540 https://bugzilla.redhat.com/show_bug.cgi?id=2180513 https://www.cve.org/CVERecord?id=CVE-2022-40540 https://www.qualcomm.com/company/product-security/bulletins/march-2023-bulletin