| Message ID | 20210812095201.GA32674@duo.ucw.cz (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | xilinx_emaclite CVE -- was Re: [cip-dev] New CVE entries this week | expand |
Hi ! On Thu, Aug 12, 2021 at 6:52 PM Pavel Machek <pavel@denx.de> wrote: > > Hi! > > > > > * CVE detail > > > > > > > > New CVEs > > > > > > > CVE-2021-38205: net: xilinx_emaclite: Do not print real IOMEM pointer > > > > > > > > xemaclite_of_probe() in drivers/net/ethernet/xilinx/xilinx_emaclite.c > > > > leaks kernel memory layout. > > > > > > > > Fixed status > > > > > > > > mainline: [d0d62baa7f505bd4c59cd169692ff07ec49dde37] > > > > stable/5.13: [8722275b41d5127048e1422a8a1b6370b4878533] > > > > > > This affects our kernels (I looked at 5.10.57 and 4.4.277). On one > > > hand we could ask for backport, on the other... I'm not sure it is > > > serious enough to warrant any action. > > > > > > > I think this vulnerability seems to be low priority because an > > attacker needs another vulnerability to abuse this vulnerability. > > However, it would be nice to backport the patch too. > > So I tried to apply the patch to 4.4, but it rejects, because types > changed in the meantime. > > In particular eccd5403814b4e762e270ef0464bb86fb217b1bf and > 18af77c50fede5b3fc22aa9f0a9b255a5c5285c9 change the printk. > > It seems we are actually using the driver in one of the configs: > > ./4.4.y-cip/arm/toshiba_zynq.sources:drivers/net/ethernet/xilinx/xilinx_emaclite.c > > Patch for 4.4 should look like this: > > diff --git a/drivers/net/ethernet/xilinx/xilinx_emaclite.c b/drivers/net/ethernet/xilinx/xilinx_emaclite.c > index 909a008f9927..26cd42bfef0c 100644 > --- a/drivers/net/ethernet/xilinx/xilinx_emaclite.c > +++ b/drivers/net/ethernet/xilinx/xilinx_emaclite.c > @@ -1180,9 +1180,8 @@ static int xemaclite_of_probe(struct platform_device *ofdev) > } > > dev_info(dev, > - "Xilinx EmacLite at 0x%08X mapped to 0x%08X, irq=%d\n", > - (unsigned int __force)ndev->mem_start, > - (unsigned int __force)lp->base_addr, ndev->irq); > + "Xilinx EmacLite at 0x%08X mapped to 0x%p, irq=%d\n", > + (unsigned int __force)ndev->mem_start, lp->base_addr, ndev->irq); > return 0; > > error: > Thank you for your work! This patch looks good to me. > Best regards, > Pavel > -- > DENX Software Engineering GmbH, Managing Director: Wolfgang Denk > HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany > > > Regarads,
diff --git a/drivers/net/ethernet/xilinx/xilinx_emaclite.c b/drivers/net/ethernet/xilinx/xilinx_emaclite.c index 909a008f9927..26cd42bfef0c 100644 --- a/drivers/net/ethernet/xilinx/xilinx_emaclite.c +++ b/drivers/net/ethernet/xilinx/xilinx_emaclite.c @@ -1180,9 +1180,8 @@ static int xemaclite_of_probe(struct platform_device *ofdev) } dev_info(dev, - "Xilinx EmacLite at 0x%08X mapped to 0x%08X, irq=%d\n", - (unsigned int __force)ndev->mem_start, - (unsigned int __force)lp->base_addr, ndev->irq); + "Xilinx EmacLite at 0x%08X mapped to 0x%p, irq=%d\n", + (unsigned int __force)ndev->mem_start, lp->base_addr, ndev->irq); return 0; error: