From bippy-c9c4e1df01b2 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman To: Reply-to: , Subject: CVE-2024-36015: ppdev: Add an error check in register_device Description =========== In the Linux kernel, the following vulnerability has been resolved: ppdev: Add an error check in register_device In register_device, the return value of ida_simple_get is unchecked, in witch ida_simple_get will use an invalid index value. To address this issue, index should be checked after ida_simple_get. When the index value is abnormal, a warning message should be printed, the port should be dropped, and the value should be recorded. The Linux kernel CVE team has assigned CVE-2024-36015 to this issue. Affected and fixed versions =========================== Issue introduced in 4.11 with commit 9a69645dde11 and fixed in 4.19.316 with commit 65cd017d43f4 Issue introduced in 4.11 with commit 9a69645dde11 and fixed in 5.4.278 with commit b8c6b83cc3ad Issue introduced in 4.11 with commit 9a69645dde11 and fixed in 5.10.219 with commit d32caf51379a Issue introduced in 4.11 with commit 9a69645dde11 and fixed in 5.15.161 with commit b65d0410b879 Issue introduced in 4.11 with commit 9a69645dde11 and fixed in 6.1.93 with commit df9329247dbb Issue introduced in 4.11 with commit 9a69645dde11 and fixed in 6.6.33 with commit ec3468221efe Issue introduced in 4.11 with commit 9a69645dde11 and fixed in 6.9.4 with commit 5d5b24edad11 Issue introduced in 4.11 with commit 9a69645dde11 and fixed in 6.10 with commit fbf740aeb86a Issue introduced in 4.9.22 with commit 9c2b46e720d5 Issue introduced in 4.10.7 with commit 762602796be6 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-36015 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/char/ppdev.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/65cd017d43f4319a56747d38308b0a24cf57299e https://git.kernel.org/stable/c/b8c6b83cc3adff3ddf403c8c7063fe6d08b2b9d9 https://git.kernel.org/stable/c/d32caf51379a4d71db03d3d4d7c22d27cdf7f68b https://git.kernel.org/stable/c/b65d0410b879af0295d22438a4a32012786d152a https://git.kernel.org/stable/c/df9329247dbbf00f6057e002139ab3fa529ad828 https://git.kernel.org/stable/c/ec3468221efec6660ff656e9ebe51ced3520fc57 https://git.kernel.org/stable/c/5d5b24edad1107a2ffa99058f20f6aeeafeb5d39 https://git.kernel.org/stable/c/fbf740aeb86a4fe82ad158d26d711f2f3be79b3e