* CVE-2021-47202: thermal: Fix NULL pointer dereferences in of_thermal_ functions
@ 2024-04-10 18:57 Greg Kroah-Hartman
0 siblings, 0 replies; only message in thread
From: Greg Kroah-Hartman @ 2024-04-10 18:57 UTC (permalink / raw)
To: linux-cve-announce; +Cc: Greg Kroah-Hartman
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
thermal: Fix NULL pointer dereferences in of_thermal_ functions
of_parse_thermal_zones() parses the thermal-zones node and registers a
thermal_zone device for each subnode. However, if a thermal zone is
consuming a thermal sensor and that thermal sensor device hasn't probed
yet, an attempt to set trip_point_*_temp for that thermal zone device
can cause a NULL pointer dereference. Fix it.
console:/sys/class/thermal/thermal_zone87 # echo 120000 > trip_point_0_temp
...
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020
...
Call trace:
of_thermal_set_trip_temp+0x40/0xc4
trip_point_temp_store+0xc0/0x1dc
dev_attr_store+0x38/0x88
sysfs_kf_write+0x64/0xc0
kernfs_fop_write_iter+0x108/0x1d0
vfs_write+0x2f4/0x368
ksys_write+0x7c/0xec
__arm64_sys_write+0x20/0x30
el0_svc_common.llvm.7279915941325364641+0xbc/0x1bc
do_el0_svc+0x28/0xa0
el0_svc+0x14/0x24
el0_sync_handler+0x88/0xec
el0_sync+0x1c0/0x200
While at it, fix the possible NULL pointer dereference in other
functions as well: of_thermal_get_temp(), of_thermal_set_emul_temp(),
of_thermal_get_trend().
The Linux kernel CVE team has assigned CVE-2021-47202 to this issue.
Affected and fixed versions
===========================
Fixed in 5.4.210 with commit 828f4c31684d
Fixed in 5.10.81 with commit 6a315471cb6a
Fixed in 5.14.21 with commit 0750f769b958
Fixed in 5.15.4 with commit ef2590a5305e
Fixed in 5.16 with commit 96cfe05051fd
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2021-47202
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
drivers/thermal/thermal_of.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/828f4c31684da94ecf0b44a2cbd35bbede04f0bd
https://git.kernel.org/stable/c/6a315471cb6a07f651e1d3adc8962730f4fcccac
https://git.kernel.org/stable/c/0750f769b95841b34a9fe8c418dd792ff526bf86
https://git.kernel.org/stable/c/ef2590a5305e0b8e9342f84c2214aa478ee7f28e
https://git.kernel.org/stable/c/96cfe05051fd8543cdedd6807ec59a0e6c409195
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2024-04-10 18:58 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-04-10 18:57 CVE-2021-47202: thermal: Fix NULL pointer dereferences in of_thermal_ functions Greg Kroah-Hartman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).