diff options
Diffstat (limited to 'meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2022-48672.patch')
-rw-r--r-- | meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2022-48672.patch | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2022-48672.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2022-48672.patch new file mode 100644 index 000000000..93d21e5da --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2022-48672.patch @@ -0,0 +1,39 @@ +From 2133f451311671c7c42b5640d2b999326b39aa0e Mon Sep 17 00:00:00 2001 +From: Sergey Shtylyov <s.shtylyov@omp.ru> +Date: Sat, 13 Aug 2022 23:34:16 +0300 +Subject: of: fdt: fix off-by-one error in unflatten_dt_nodes() + +[ Upstream commit 2f945a792f67815abca26fa8a5e863ccf3fa1181 ] + +Commit 78c44d910d3e ("drivers/of: Fix depth when unflattening devicetree") +forgot to fix up the depth check in the loop body in unflatten_dt_nodes() +which makes it possible to overflow the nps[] buffer... + +Found by Linux Verification Center (linuxtesting.org) with the SVACE static +analysis tool. + +Fixes: 78c44d910d3e ("drivers/of: Fix depth when unflattening devicetree") +Signed-off-by: Sergey Shtylyov <s.shtylyov@omp.ru> +Signed-off-by: Rob Herring <robh@kernel.org> +Link: https://lore.kernel.org/r/7c354554-006f-6b31-c195-cdfe4caee392@omp.ru +Signed-off-by: Sasha Levin <sashal@kernel.org> +--- + drivers/of/fdt.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/of/fdt.c b/drivers/of/fdt.c +index 520ed965bb7a4e..583ca847a39cba 100644 +--- a/drivers/of/fdt.c ++++ b/drivers/of/fdt.c +@@ -314,7 +314,7 @@ static int unflatten_dt_nodes(const void *blob, + for (offset = 0; + offset >= 0 && depth >= initial_depth; + offset = fdt_next_node(blob, offset, &depth)) { +- if (WARN_ON_ONCE(depth >= FDT_MAX_DEPTH)) ++ if (WARN_ON_ONCE(depth >= FDT_MAX_DEPTH - 1)) + continue; + + if (!IS_ENABLED(CONFIG_OF_KOBJ) && +-- +cgit 1.2.3-korg + |