In the Linux kernel, the following vulnerability has been resolved:
drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group
The perf tool allows users to create event groups through following cmd [1], but the driver does not check whether the array index is out of bounds when writing data to the eventgroup array. If the number of events in an eventgroup is greater than HNS3PMUMAXHWEVENTS, the memory write overflow of event_group array occurs.
Add array index check to fix the possible array out of bounds violation, and return directly when write new events are written to array bounds.
There are 9 different events in an event_group. [1] perf stat -e '{pmu/event1/, ... ,pmu/event9/}
{ "vanir_signatures": [ { "digest": { "line_hashes": [ "227848542426135749650059761419217658061", "48995873868544875572101008686063931126", "316494427388257505416063358437535960234", "110341734570665479850564625131248085650", "273992299718025182238509656517241657503", "45416000029387775944833504941744670893", "225788687972160165138220468356608605289", "47769041152143365932725979063599360346", "155793584126601062118009173817993454600", "172551347376801035252082831463435458622", "15958873413655238639398777048380868728" ], "threshold": 0.9 }, "target": { "file": "drivers/perf/hisilicon/hns3_pmu.c" }, "signature_type": "Line", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@81bdd60a3d1d3b05e6cc6674845afb1694dd3a0e", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-38568-2da5ac66" }, { "digest": { "length": 640.0, "function_hash": "264931902141925246815446657243813216408" }, "target": { "function": "hns3_pmu_validate_event_group", "file": "drivers/perf/hisilicon/hns3_pmu.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@be1fa711e59c874d049f592aef1d4685bdd22bdf", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-38568-3adde89d" }, { "digest": { "length": 640.0, "function_hash": "264931902141925246815446657243813216408" }, "target": { "function": "hns3_pmu_validate_event_group", "file": "drivers/perf/hisilicon/hns3_pmu.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@81bdd60a3d1d3b05e6cc6674845afb1694dd3a0e", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-38568-48dd46ee" }, { "digest": { "length": 640.0, "function_hash": "264931902141925246815446657243813216408" }, "target": { "function": "hns3_pmu_validate_event_group", "file": "drivers/perf/hisilicon/hns3_pmu.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@aa2d3d678895c8eedd003f1473f87d3f06fe6ec7", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-38568-615b694b" }, { "digest": { "line_hashes": [ "227848542426135749650059761419217658061", "48995873868544875572101008686063931126", "316494427388257505416063358437535960234", "110341734570665479850564625131248085650", "273992299718025182238509656517241657503", "45416000029387775944833504941744670893", "225788687972160165138220468356608605289", "47769041152143365932725979063599360346", "155793584126601062118009173817993454600", "172551347376801035252082831463435458622", "15958873413655238639398777048380868728" ], "threshold": 0.9 }, "target": { "file": "drivers/perf/hisilicon/hns3_pmu.c" }, "signature_type": "Line", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b5120d322763c15c978bc47beb3b6dff45624304", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-38568-661cd34d" }, { "digest": { "length": 640.0, "function_hash": "264931902141925246815446657243813216408" }, "target": { "function": "hns3_pmu_validate_event_group", "file": "drivers/perf/hisilicon/hns3_pmu.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3669baf308308385a2ab391324abdde5682af5aa", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-38568-7fe4125a" }, { "digest": { "line_hashes": [ "227848542426135749650059761419217658061", "48995873868544875572101008686063931126", "316494427388257505416063358437535960234", "110341734570665479850564625131248085650", "273992299718025182238509656517241657503", "45416000029387775944833504941744670893", "225788687972160165138220468356608605289", "47769041152143365932725979063599360346", "155793584126601062118009173817993454600", "172551347376801035252082831463435458622", "15958873413655238639398777048380868728" ], "threshold": 0.9 }, "target": { "file": "drivers/perf/hisilicon/hns3_pmu.c" }, "signature_type": "Line", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@be1fa711e59c874d049f592aef1d4685bdd22bdf", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-38568-9a2db95b" }, { "digest": { "length": 640.0, "function_hash": "264931902141925246815446657243813216408" }, "target": { "function": "hns3_pmu_validate_event_group", "file": "drivers/perf/hisilicon/hns3_pmu.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b5120d322763c15c978bc47beb3b6dff45624304", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-38568-ab49fe89" }, { "digest": { "line_hashes": [ "227848542426135749650059761419217658061", "48995873868544875572101008686063931126", "316494427388257505416063358437535960234", "110341734570665479850564625131248085650", "273992299718025182238509656517241657503", "45416000029387775944833504941744670893", "225788687972160165138220468356608605289", "47769041152143365932725979063599360346", "155793584126601062118009173817993454600", "172551347376801035252082831463435458622", "15958873413655238639398777048380868728" ], "threshold": 0.9 }, "target": { "file": "drivers/perf/hisilicon/hns3_pmu.c" }, "signature_type": "Line", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3669baf308308385a2ab391324abdde5682af5aa", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-38568-baaed8fb" }, { "digest": { "line_hashes": [ "227848542426135749650059761419217658061", "48995873868544875572101008686063931126", "316494427388257505416063358437535960234", "110341734570665479850564625131248085650", "273992299718025182238509656517241657503", "45416000029387775944833504941744670893", "225788687972160165138220468356608605289", "47769041152143365932725979063599360346", "155793584126601062118009173817993454600", "172551347376801035252082831463435458622", "15958873413655238639398777048380868728" ], "threshold": 0.9 }, "target": { "file": "drivers/perf/hisilicon/hns3_pmu.c" }, "signature_type": "Line", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@aa2d3d678895c8eedd003f1473f87d3f06fe6ec7", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-38568-d9b23e66" } ] }