NACK: [SRU][N][PATCH 0/1] CVE-2024-53063
Massimiliano Pellizzer
massimiliano.pellizzer at canonical.com
Mon Mar 17 10:17:47 UTC 2025
On Wed, 12 Mar 2025 at 21:39, Andrei Gherzan
<andrei.gherzan at canonical.com> wrote:
>
> [Impact]
>
> media: dvbdev: prevent the risk of out of memory access
> The dvbdev contains a static variable used to store dvb minors.
>
> The behavior of it depends if CONFIG_DVB_DYNAMIC_MINORS is set
> or not. When not set, dvb_register_device() won't check for
> boundaries, as it will rely that a previous call to
> dvb_register_adapter() would already be enforcing it.
>
> On a similar way, dvb_device_open() uses the assumption
> that the register functions already did the needed checks.
>
> This can be fragile if some device ends using different
> calls. This also generate warnings on static check analysers
> like Coverity.
>
> So, add explicit guards to prevent potential risk of OOM issues.
>
> [Fix]
>
> Noble: The upstream fix applied cleanly.
> Bionic: The fix was sent to the ESM mailing list.
> Xenial: The fix was sent to the ESM mailing list.
>
> [Test Case]
>
> * Build test for all supported architectures.
> * Boot tested on amd64 architecture.
>
> [Where problems could occur]
>
> This change can affect DVB API support used by Digital TV devices.
>
> Mauro Carvalho Chehab (1):
> media: dvbdev: prevent the risk of out of memory access
>
> drivers/media/dvb-core/dvbdev.c | 17 +++++++++++++++--
> 1 file changed, 15 insertions(+), 2 deletions(-)
>
> --
> 2.43.0
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
Thanks for backporting the fix.
Unfortunately the patch has been already applied
via upstream stable updates (LP: #2100292).
Due to this I will nack this patch.
--
Massimiliano Pellizzer
More information about the kernel-team
mailing list