mbox series

[5.10.y,0/1] Backport fix for CVE-2024-49935

Message ID 20241202121104.35898-1-n.zhandarovich@fintech.ru
Headers show
Series Backport fix for CVE-2024-49935 | expand

Message

Nikita Zhandarovich Dec. 2, 2024, 12:11 p.m. UTC
This patch addresses CVE-2024-49935 [1], a vulnerability in ACPI
subsystem caused by calling cpumask_clear_cpu() with bit to
clear set to 0xffffffff, thus leading to erroneous memory
access. The issue is still present in 5.10.y kernel.

The original commit [2] has been backported to several stable
branches (5.15.y and fresher) and now has been cherry-picked for
5.10.y.

[1] https://nvd.nist.gov/vuln/detail/CVE-2024-49935
[2] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=0a2ed70a549e61c5181bad5db418d223b68ae932

Seiji Nishikawa (1):
  ACPI: PAD: fix crash in exit_round_robin()

 drivers/acpi/acpi_pad.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)