7.8

CVE-2024-38568

drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group

In the Linux kernel, the following vulnerability has been resolved:

drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group

The perf tool allows users to create event groups through following
cmd [1], but the driver does not check whether the array index is out
of bounds when writing data to the event_group array. If the number of
events in an event_group is greater than HNS3_PMU_MAX_HW_EVENTS, the
memory write overflow of event_group array occurs.

Add array index check to fix the possible array out of bounds violation,
and return directly when write new events are written to array bounds.

There are 9 different events in an event_group.
[1] perf stat -e '{pmu/event1/, ... ,pmu/event9/}
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 6.0 < 6.1.93
LinuxLinux Kernel Version >= 6.2 < 6.6.33
LinuxLinux Kernel Version >= 6.7 < 6.8.12
LinuxLinux Kernel Version >= 6.9 < 6.9.3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.23% 0.14
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

https://git.kernel.org/stable/c/3669baf308308385a2ab391324abdde5682af5aa
Patch
https://git.kernel.org/stable/c/81bdd60a3d1d3b05e6cc6674845afb1694dd3a0e
Patch
https://git.kernel.org/stable/c/aa2d3d678895c8eedd003f1473f87d3f06fe6ec7
Patch
https://git.kernel.org/stable/c/b5120d322763c15c978bc47beb3b6dff45624304
Patch
https://git.kernel.org/stable/c/be1fa711e59c874d049f592aef1d4685bdd22bdf
Patch