CVE-2024-53126

In psnetopenpfbar() and snetopenvfbar() a string later passed to pcimiomapregions() is placed on the stack. Neither pcimiomapregions() nor the functions it calls copy that string.

Should the string later ever be used, this, consequently, causes undefined behavior since the stack frame will by then have disappeared.

Fix the bug by allocating the strings on the heap through devm_kasprintf().

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

51a8f9d7f587290944d6fc733d1f897091c63159

Fixed

d372dd09cfbf1324f54cbffd81fcaf6cdf3e608e

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

51a8f9d7f587290944d6fc733d1f897091c63159

Fixed

5bb287da2d2d5bb8f7376e223b02edb16998982e

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

51a8f9d7f587290944d6fc733d1f897091c63159

Fixed

0b364cf53b20204e92bac7c6ebd1ee7d3ec62931

Affected versions

v6.*

v6.10

v6.10-rc1

v6.10-rc2

v6.10-rc3

v6.10-rc4

v6.10-rc5

v6.10-rc6

v6.10-rc7

v6.11

v6.11-rc1

v6.11-rc2

v6.11-rc3

v6.11-rc4

v6.11-rc5

v6.11-rc6

v6.11-rc7

v6.11.1

v6.11.2

v6.11.3

v6.11.4

v6.11.5

v6.11.6

v6.11.7

v6.11.8

v6.11.9

v6.12-rc1

v6.12-rc2

v6.12-rc3

v6.12-rc4

v6.12-rc5

v6.12-rc6

v6.2

v6.3

v6.3-rc1

v6.3-rc2

v6.3-rc3

v6.3-rc4

v6.3-rc5

v6.3-rc6

v6.3-rc7

v6.4

v6.4-rc1

v6.4-rc2

v6.4-rc3

v6.4-rc4

v6.4-rc5

v6.4-rc6

v6.4-rc7

v6.5

v6.5-rc1

v6.5-rc2

v6.5-rc3

v6.5-rc4

v6.5-rc5

v6.5-rc6

v6.5-rc7

v6.6

v6.6-rc1

v6.6-rc2

v6.6-rc3

v6.6-rc4

v6.6-rc5

v6.6-rc6

v6.6-rc7

v6.6.1

v6.6.10

v6.6.11

v6.6.12

v6.6.13

v6.6.14

v6.6.15

v6.6.16

v6.6.17

v6.6.18

v6.6.19

v6.6.2

v6.6.20

v6.6.21

v6.6.22

v6.6.23

v6.6.24

v6.6.25

v6.6.26

v6.6.27

v6.6.28

v6.6.29

v6.6.3

v6.6.30

v6.6.31

v6.6.32

v6.6.33

v6.6.34

v6.6.35

v6.6.36

v6.6.37

v6.6.38

v6.6.39

v6.6.4

v6.6.40

v6.6.41

v6.6.42

v6.6.43

v6.6.44

v6.6.45

v6.6.46

v6.6.47

v6.6.48

v6.6.49

v6.6.5

v6.6.50

v6.6.51

v6.6.52

v6.6.53

v6.6.54

v6.6.55

v6.6.56

v6.6.57

v6.6.58

v6.6.59

v6.6.6

v6.6.60

v6.6.61

v6.6.62

v6.6.7

v6.6.8

v6.6.9

v6.7

v6.7-rc1

v6.7-rc2

v6.7-rc3

v6.7-rc4

v6.7-rc5

v6.7-rc6

v6.7-rc7

v6.7-rc8

v6.8

v6.8-rc1

v6.8-rc2

v6.8-rc3

v6.8-rc4

v6.8-rc5

v6.8-rc6

v6.8-rc7

v6.9

v6.9-rc1

v6.9-rc2

v6.9-rc3

v6.9-rc4

v6.9-rc5

v6.9-rc6

v6.9-rc7

Database specific

vanir_signatures

[
    {
        "id": "CVE-2024-53126-4191561a",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "length": 423.0,
            "function_hash": "42313273802749439593676591877905506085"
        },
        "target": {
            "function": "snet_open_vf_bar",
            "file": "drivers/vdpa/solidrun/snet_main.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5bb287da2d2d5bb8f7376e223b02edb16998982e",
        "signature_type": "Function"
    },
    {
        "id": "CVE-2024-53126-7220fe44",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "length": 650.0,
            "function_hash": "290078704765893483916674691711111073460"
        },
        "target": {
            "function": "psnet_open_pf_bar",
            "file": "drivers/vdpa/solidrun/snet_main.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5bb287da2d2d5bb8f7376e223b02edb16998982e",
        "signature_type": "Function"
    },
    {
        "id": "CVE-2024-53126-83d7afcf",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "length": 423.0,
            "function_hash": "42313273802749439593676591877905506085"
        },
        "target": {
            "function": "snet_open_vf_bar",
            "file": "drivers/vdpa/solidrun/snet_main.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d372dd09cfbf1324f54cbffd81fcaf6cdf3e608e",
        "signature_type": "Function"
    },
    {
        "id": "CVE-2024-53126-b591869b",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "length": 423.0,
            "function_hash": "42313273802749439593676591877905506085"
        },
        "target": {
            "function": "snet_open_vf_bar",
            "file": "drivers/vdpa/solidrun/snet_main.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0b364cf53b20204e92bac7c6ebd1ee7d3ec62931",
        "signature_type": "Function"
    },
    {
        "id": "CVE-2024-53126-c5b6778b",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "length": 650.0,
            "function_hash": "290078704765893483916674691711111073460"
        },
        "target": {
            "function": "psnet_open_pf_bar",
            "file": "drivers/vdpa/solidrun/snet_main.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0b364cf53b20204e92bac7c6ebd1ee7d3ec62931",
        "signature_type": "Function"
    },
    {
        "id": "CVE-2024-53126-d1595bb0",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "length": 650.0,
            "function_hash": "290078704765893483916674691711111073460"
        },
        "target": {
            "function": "psnet_open_pf_bar",
            "file": "drivers/vdpa/solidrun/snet_main.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d372dd09cfbf1324f54cbffd81fcaf6cdf3e608e",
        "signature_type": "Function"
    },
    {
        "id": "CVE-2024-53126-eac687c1",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "297179454641107373601215742713175890271",
                "105685254794993428870744488704241269509",
                "25056775258939917067600023933062713203",
                "96750889093850753686663844463871803999",
                "18446121343432371444923402503871703881",
                "229008993916084320030687021709999271799",
                "162445857704042901083335073368060419699",
                "135073101982953424003810715311280154313",
                "212339877492905396440806743487726309010",
                "83284159826977878720570038696484382669",
                "67070448233657223972368447062822416824",
                "88227089159912293916644472910592508923",
                "113556356979545419013873473908642978920",
                "160275818756572498076946106825950755438"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "drivers/vdpa/solidrun/snet_main.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0b364cf53b20204e92bac7c6ebd1ee7d3ec62931",
        "signature_type": "Line"
    },
    {
        "id": "CVE-2024-53126-edafdb6b",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "297179454641107373601215742713175890271",
                "105685254794993428870744488704241269509",
                "25056775258939917067600023933062713203",
                "96750889093850753686663844463871803999",
                "18446121343432371444923402503871703881",
                "229008993916084320030687021709999271799",
                "162445857704042901083335073368060419699",
                "135073101982953424003810715311280154313",
                "212339877492905396440806743487726309010",
                "83284159826977878720570038696484382669",
                "67070448233657223972368447062822416824",
                "88227089159912293916644472910592508923",
                "113556356979545419013873473908642978920",
                "160275818756572498076946106825950755438"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "drivers/vdpa/solidrun/snet_main.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d372dd09cfbf1324f54cbffd81fcaf6cdf3e608e",
        "signature_type": "Line"
    },
    {
        "id": "CVE-2024-53126-f45c439e",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "297179454641107373601215742713175890271",
                "105685254794993428870744488704241269509",
                "25056775258939917067600023933062713203",
                "96750889093850753686663844463871803999",
                "18446121343432371444923402503871703881",
                "229008993916084320030687021709999271799",
                "162445857704042901083335073368060419699",
                "135073101982953424003810715311280154313",
                "212339877492905396440806743487726309010",
                "83284159826977878720570038696484382669",
                "67070448233657223972368447062822416824",
                "88227089159912293916644472910592508923",
                "113556356979545419013873473908642978920",
                "160275818756572498076946106825950755438"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "drivers/vdpa/solidrun/snet_main.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5bb287da2d2d5bb8f7376e223b02edb16998982e",
        "signature_type": "Line"
    }
]

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.3.0

Fixed

6.6.63

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.11.10