[SRU][N][PATCH 0/1] CVE-2024-53063

Andrei Gherzan andrei.gherzan at canonical.com
Wed Mar 12 20:38:25 UTC 2025


[Impact]

media: dvbdev: prevent the risk of out of memory access
The dvbdev contains a static variable used to store dvb minors.

Its behavior depends on whether CONFIG_DVB_DYNAMIC_MINORS is set
or not. When not set, dvb_register_device() won't check for
boundaries, as it relies on a previous call to
dvb_register_adapter() already enforcing it.

In a similar way, dvb_device_open() uses the assumption
that the register functions already did the needed checks.

This can be fragile if some device ends up using different
calls. This also generates warnings on static check analysers
like Coverity.

So, add explicit guards to prevent potential risk of OOM issues.

[Fix]

Noble:  The upstream fix applied cleanly.
Bionic: The fix was sent to the ESM mailing list.
Xenial: The fix was sent to the ESM mailing list.

[Test Case]

* Build test for all supported architectures.
* Boot tested on amd64 architecture.

[Where problems could occur]

This change can affect DVB API support used by Digital TV devices.

Mauro Carvalho Chehab (1):
  media: dvbdev: prevent the risk of out of memory access

 drivers/media/dvb-core/dvbdev.c | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

-- 
2.43.0
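
The guard pattern the commit message describes, as an added user-space example that is not part of the original message and is not the kernel's code: a static table indexed by minor, with the range check repeated in both the register and the open path. The names `model_register`, `model_open`, `MAX_MINORS` and the chosen error codes are assumptions made for this model.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_MINORS 8            /* assumed table size for this model */

struct dev { const char *name; };

/* Static table indexed by minor, like the one the commit message describes. */
static struct dev *minors[MAX_MINORS];

/* Register path: range-check the caller-supplied minor here instead of
 * trusting that an earlier call already enforced the limit. */
int model_register(struct dev *d, int minor)
{
    if (minor < 0 || minor >= MAX_MINORS)
        return -EINVAL;         /* would otherwise write past the table */
    if (minors[minor])
        return -EBUSY;
    minors[minor] = d;
    return 0;
}

/* Open path: re-check the index before reading the table, so a minor
 * that never went through registration cannot index out of bounds. */
struct dev *model_open(int minor, int *err)
{
    if (minor < 0 || minor >= MAX_MINORS || !minors[minor]) {
        *err = -ENODEV;
        return NULL;
    }
    *err = 0;
    return minors[minor];
}

int main(void)
{
    static struct dev frontend = { "frontend0" };   /* constructed sample */
    int err;

    printf("register minor 3  -> %d\n", model_register(&frontend, 3));
    printf("register minor 64 -> %d\n", model_register(&frontend, 64));
    model_open(64, &err);
    printf("open minor 64     -> %d\n", err);
    return 0;
}
```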



