漏洞标题
remoteproc: mediatek: 确保IPI缓冲区适合L2TCM
漏洞描述信息
在Linux内核中,已解决以下漏洞:
remoteproc: mediatek: 确保IPI缓冲区适合L2TCM
我们加载到系统伴侣处理器的固件中读取IPI缓冲区的位置,但并不保证SRAM(L2TCM)在devicetree节点中定义的大小足够大以容纳它。对于多核SCP,这一点尤其正确,但对单核变体进行检查仍然很有用。
如果未执行此检查,可能会使该驱动程序执行超出L2TCM边界的读/写操作,最坏的结果是内核崩溃。
为了解决这个问题,需要检查IPI缓冲区是否适合。如果不适合,则应返回失败,并拒绝启动相关SCP核心(或完全不启动SCP,如果这是单核心的话)。
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H
漏洞类别
跨界内存写
漏洞标题
remoteproc: mediatek: Make sure IPI buffer fits in L2TCM
漏洞描述信息
In the Linux kernel, the following vulnerability has been resolved:
remoteproc: mediatek: Make sure IPI buffer fits in L2TCM
The IPI buffer location is read from the firmware that we load to the
System Companion Processor, and it's not granted that both the SRAM
(L2TCM) size that is defined in the devicetree node is large enough
for that, and while this is especially true for multi-core SCP, it's
still useful to check on single-core variants as well.
Failing to perform this check may make this driver perform R/W
operations out of the L2TCM boundary, resulting (at best) in a
kernel panic.
To fix that, check that the IPI buffer fits, otherwise return a
failure and refuse to boot the relevant SCP core (or the SCP at
all, if this is single core).
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Linux kernel 安全漏洞
漏洞描述信息
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel 存在安全漏洞,该漏洞源于remoteproc mediatek中存在安全问题,可能导致内核崩溃。
CVSS信息
N/A
漏洞类别
其他