APPLIED: [SRU][F/J][PATCH 0/1] CVE-2024-49925
Koichiro Den
koichiro.den at canonical.com
Fri Feb 14 06:49:10 UTC 2025
On Wed, Feb 05, 2025 at 04:26:10PM GMT, Massimiliano Pellizzer wrote:
> [Impact]
>
> fbdev: efifb: Register sysfs groups through driver core
>
> The driver core can register and cleanup sysfs groups already.
> Make use of that functionality to simplify the error handling and
> cleanup.
>
> Also avoid a UAF race during unregistering where the sysctl attributes
> were usable after the info struct was freed.
>
> [Fix]
>
> Oracular: Fixed via upstream stable updates (LP: #2089052)
> Noble: Fixed via upstream stable updates (LP: #2089884)
> Jammy: Backported from mainline
> Focal: Backported from mainline
>
> [Test Case]
>
> Compile and boot tested on a laptop with UEFI enabled:
>
> $ sudo dmesg | grep -i "efifb\|fb0"
> [ 0.408128] pci 0000:04:00.0: BAR 0: assigned to efifb
> [ 0.605730] efifb: probing for efifb
> [ 0.605763] efifb: showing boot graphics
> [ 0.607766] efifb: framebuffer at 0xfce0000000, using 8100k, total 8100k
> [ 0.607768] efifb: mode is 1920x1080x32, linelength=7680, pages=1
> [ 0.607770] efifb: scrolling: redraw
> [ 0.607771] efifb: Truecolor: size=8:8:8:8, shift=24:16:8:0
> [ 0.607851] fb0: EFI VGA frame buffer device
>
> [Where problems could occur]
>
> The fix affects the EFI framebuffer driver. An issue with this fix may
> lead to kernel crashes, incorrect handling of sysfs attributes related
> to the framebuffer device, or failures in device registration and
> cleanup. This could result in a non-functional console framebuffer output
> during system boot.
>
>
> Thomas Weißschuh (1):
> fbdev: efifb: Register sysfs groups through driver core
>
> drivers/video/fbdev/efifb.c | 11 ++---------
> 1 file changed, 2 insertions(+), 9 deletions(-)
>
Applied to focal:linux, jammy:linux master-next branches. Thanks!