From: Gabriel Krisman Bertazi <krisman@suse.de>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: linux-cve-announce@vger.kernel.org, <cve@kernel.org>, <linux-kernel@vger.kernel.org>, keescook@chromium.org
Subject: Re: CVE-2023-52685: pstore: ram_core: fix possible overflow in persistent_ram_init_ecc()
Date: Mon, 27 May 2024 20:32:54 -0400
Message-ID: <87jzjeojwp.fsf@mailhost.krisman.be>
In-Reply-To: <2024051752-CVE-2023-52685-64c5@gregkh> (Greg Kroah-Hartman's message of "Fri, 17 May 2024 16:26:58 +0200")
Greg Kroah-Hartman <gregkh@linuxfoundation.org> writes:
> Description
> ===========
>
> In the Linux kernel, the following vulnerability has been resolved:
>
> pstore: ram_core: fix possible overflow in persistent_ram_init_ecc()
>
> In persistent_ram_init_ecc(), on 64-bit arches DIV_ROUND_UP() will return
> 64-bit value since persistent_ram_zone::buffer_size has type size_t which
> is derived from the 64-bit *unsigned long*, while the ecc_blocks variable
> this value gets assigned to has (always 32-bit) *int* type. Even if that
> value fits into *int* type, an overflow is still possible when calculating
> the size_t typed ecc_total variable further below since there's no cast to
> any 64-bit type before multiplication. Declaring the ecc_blocks variable
> as *size_t* should fix this mess...
>
> Found by Linux Verification Center (linuxtesting.org) with the SVACE static
> analysis tool.
Hi Greg,

[Cc'ing Kees, who is listed as the pstore maintainer]

I want to dispute this CVE. The overflow is in the module
initialization path, and can only happen at boot time or if the module
is loaded with specific parameters or due to specific acpi/device tree
data. Either way, it would require root privileges to trigger.

--
Gabriel Krisman Bertazi
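The arithmetic the quoted CVE text describes, as an added stand-alone model written for this page (it is not kernel code and not part of either message in the thread): the pre-fix path keeps `ecc_blocks` in a 32-bit `int` and multiplies in `int`, the post-fix path keeps it in `size_t`. The pstore defaults of `block_size` 128 and `ecc_size` 16 are assumed, the buffer sizes are constructed for the demonstration, a 64-bit `size_t` is assumed, and because signed overflow is undefined in ISO C the 32-bit wrap is modelled with `uint32_t` and then reinterpreted as `int`.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* This model assumes an LP64 target (64-bit size_t), the case the CVE
 * text describes. */

/* Same rounding idiom as the kernel's DIV_ROUND_UP() macro. */
#define DIV_ROUND_UP(n, d) (((n) + (d) - 1) / (d))

/* Pre-fix arithmetic: ecc_blocks is a 32-bit int, so the 64-bit result of
 * DIV_ROUND_UP() is truncated on assignment, and (ecc_blocks + 1) * ecc_size
 * is evaluated in int before being widened to size_t.  Signed overflow is
 * undefined in ISO C, so the 32-bit wrap is modelled here with uint32_t and
 * the result reinterpreted as int; this is what a wrapping build observes. */
static size_t ecc_total_before_fix(size_t buffer_size, int block_size, int ecc_size)
{
	int ecc_blocks = (int)DIV_ROUND_UP(buffer_size - (size_t)ecc_size,
					   (size_t)block_size + (size_t)ecc_size);
	uint32_t product32 = ((uint32_t)ecc_blocks + 1u) * (uint32_t)ecc_size;
	int product_as_int = (int)product32;  /* two's complement reinterpretation */
	return (size_t)product_as_int;        /* a negative int sign-extends to a huge size_t */
}

/* Post-fix arithmetic: ecc_blocks is size_t, so both the division result and
 * the multiplication stay 64-bit. */
static size_t ecc_total_after_fix(size_t buffer_size, int block_size, int ecc_size)
{
	size_t ecc_blocks = DIV_ROUND_UP(buffer_size - (size_t)ecc_size,
					 (size_t)block_size + (size_t)ecc_size);
	return (ecc_blocks + 1) * (size_t)ecc_size;
}

/* Model of the sanity check that follows in the kernel: an ECC area that does
 * not fit in the buffer (ecc_total >= buffer_size) is rejected. */
static bool ecc_total_accepted(size_t ecc_total, size_t buffer_size)
{
	return ecc_total < buffer_size;
}

int main(void)
{
	/* Assumed pstore defaults for this model. */
	const int block_size = 128, ecc_size = 16;

	/* Constructed buffer sizes: a typical 1 MiB region, and a ~36 GiB
	 * region chosen so that (ecc_blocks + 1) * 16 lands just above 2^32.
	 * A region that large only exists if whoever controls the boot or
	 * module parameters, or the firmware-provided reserved region, asks
	 * for it, which is the point made in the reply above. */
	const size_t sizes[] = { (size_t)1 << 20, (size_t)38654849536ULL };

	for (size_t i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++) {
		size_t before = ecc_total_before_fix(sizes[i], block_size, ecc_size);
		size_t after = ecc_total_after_fix(sizes[i], block_size, ecc_size);
		printf("buffer_size=%zu: before fix ecc_total=%zu (accepted=%d), "
		       "after fix ecc_total=%zu (accepted=%d)\n",
		       sizes[i], before, ecc_total_accepted(before, sizes[i]),
		       after, ecc_total_accepted(after, sizes[i]));
	}
	return 0;
}
```

For the 1 MiB region both paths agree (116528 bytes of ECC). For the constructed ~36 GiB region the pre-fix path wraps to 16000 bytes, which the subsequent bounds check happily accepts even though the real ECC area is just over 4 GiB, so every offset derived from it afterwards is wrong; the post-fix path reports the true 4294983296. Either way, the only input that reaches this code is the region size handed to pstore at boot or module load, which is what the dispute above turns on.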
Thread overview: 4+ messages
[not found] <2024051752-CVE-2023-52685-64c5@gregkh>
2024-05-28 0:32 ` Gabriel Krisman Bertazi [this message]
2024-05-28 19:01 ` CVE-2023-52685: pstore: ram_core: fix possible overflow in persistent_ram_init_ecc() Greg Kroah-Hartman
2024-06-17 21:17 ` Kees Cook
2024-06-18 13:09 ` Greg Kroah-Hartman