[scarthgap] acpica: fix CVE-2024-24856

Message ID	20241125045545.3821180-1-changqing.li@windriver.com
State	New
Headers	show Return-Path: <changqing.li@windriver.com> ip: 205.220.166.238, mailfrom: prvs=10598c1d70=changqing.li@windriver.com) From: <changqing.li@windriver.com> To: <openembedded-core@lists.openembedded.org> Subject: [scarthgap][PATCH] acpica: fix CVE-2024-24856 Date: Mon, 25 Nov 2024 12:55:45 +0800 Message-ID: <20241125045545.3821180-1-changqing.li@windriver.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain
Series	[scarthgap] acpica: fix CVE-2024-24856 \| expand [scarthgap] acpica: fix CVE-2024-24856

Message ID

20241125045545.3821180-1-changqing.li@windriver.com

State

New

Headers

From: <changqing.li@windriver.com>
To: <openembedded-core@lists.openembedded.org>
Subject: [scarthgap][PATCH] acpica: fix CVE-2024-24856
Date: Mon, 25 Nov 2024 12:55:45 +0800
Message-ID: <20241125045545.3821180-1-changqing.li@windriver.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain

Series

[scarthgap] acpica: fix CVE-2024-24856 | expand

Commit Message

Changqing Li Nov. 25, 2024, 4:55 a.m. UTC

From: Changqing Li <changqing.li@windriver.com>

The memory allocation function ACPI_ALLOCATE_ZEROED does not guarantee a
successful allocation, but the subsequent code directly dereferences the
pointer that receives it, which may lead to null pointer dereference. To
fix this issue, a null pointer check should be added. If it is null,
return exception code AE_NO_MEMORY.

Refer: https://nvd.nist.gov/vuln/detail/CVE-2024-24856

Signed-off-by: Changqing Li <changqing.li@windriver.com>
---
 .../acpica/acpica_20240322.bb                 |  3 +-
 .../acpica/files/CVE-2024-24856.patch         | 31 +++++++++++++++++++
 2 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-extended/acpica/files/CVE-2024-24856.patch

diff --git a/meta/recipes-extended/acpica/acpica_20240322.bb b/meta/recipes-extended/acpica/acpica_20240322.bb
index 90e3599d32..1f93c0d435 100644
--- a/meta/recipes-extended/acpica/acpica_20240322.bb
+++ b/meta/recipes-extended/acpica/acpica_20240322.bb
@@ -16,7 +16,8 @@  COMPATIBLE_HOST = "(i.86|x86_64|arm|aarch64).*-linux"
 
 DEPENDS = "m4-native flex-native bison-native"
 
-SRC_URI = "git://github.com/acpica/acpica;protocol=https;branch=master"
+SRC_URI = "git://github.com/acpica/acpica;protocol=https;branch=master \
+           file://CVE-2024-24856.patch"
 SRCREV = "170fc3076a86777077637f10b05c32ac21ac13aa"
 
 S = "${WORKDIR}/git"
diff --git a/meta/recipes-extended/acpica/files/CVE-2024-24856.patch b/meta/recipes-extended/acpica/files/CVE-2024-24856.patch
new file mode 100644
index 0000000000..c0c9c00d12
--- /dev/null
+++ b/meta/recipes-extended/acpica/files/CVE-2024-24856.patch
@@ -0,0 +1,31 @@ 
+From 4d4547cf13cca820ff7e0f859ba83e1a610b9fd0 Mon Sep 17 00:00:00 2001
+From: Huai-Yuan Liu <qq810974084@gmail.com>
+Date: Tue, 9 Apr 2024 23:23:39 +0800
+Subject: [PATCH] check null return of ACPI_ALLOCATE_ZEROED in
+ AcpiDbConvertToPackage
+
+ACPI_ALLOCATE_ZEROED may fails, Elements might be null and will cause null pointer dereference later.
+
+Signed-off-by: Huai-Yuan Liu <qq810974084@gmail.com>
+
+CVE: CVE-2024-24856
+Upstream-Status: Backport [https://github.com/acpica/acpica/pull/946/commits/4d4547cf13cca820ff7e0f859ba83e1a610b9fd0]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ source/components/debugger/dbconvert.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/source/components/debugger/dbconvert.c b/source/components/debugger/dbconvert.c
+index 6a41000036..32ad5be179 100644
+--- a/source/components/debugger/dbconvert.c
++++ b/source/components/debugger/dbconvert.c
+@@ -354,6 +354,8 @@ AcpiDbConvertToPackage (
+ 
+     Elements = ACPI_ALLOCATE_ZEROED (
+         DB_DEFAULT_PKG_ELEMENTS * sizeof (ACPI_OBJECT));
++    if (!Elements)
++        return (AE_NO_MEMORY);
+ 
+     This = String;
+     for (i = 0; i < (DB_DEFAULT_PKG_ELEMENTS - 1); i++)

[scarthgap] acpica: fix CVE-2024-24856

Commit Message

Patch