[scarthgap,02/16] acpica: fix CVE-2024-24856

Message ID	5c590ccd1973d343f47e7b7171691400490dfc1a.1733232895.git.steve@sakoman.com
State	Under Review
Delegated to:	Steve Sakoman
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.214.177, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 02/16] acpica: fix CVE-2024-24856 Date: Tue, 3 Dec 2024 05:37:06 -0800 Message-Id: <5c590ccd1973d343f47e7b7171691400490dfc1a.1733232895.git.steve@sakoman.com> In-Reply-To: <cover.1733232895.git.steve@sakoman.com> References: <cover.1733232895.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[scarthgap,01/16] python3-zipp: fix CVE-2024-5569 \| expand [scarthgap,01/16] python3-zipp: fix CVE-2024-5569 [scarthgap,02/16] acpica: fix CVE-2024-24856 [scarthgap,03/16] builder: set CVE_PRODUCT [scarthgap,04/16] libsndfile: fix CVE-2024-50612 [scarthgap,05/16] libsoup: fix CVE-2024-52530, CVE-2024-52531 [scarthgap,06/16] tzdata&tzcode-native: upgrade 2024a -> 2024b [scarthgap,07/16] python3-urllib3: upgrade 2.2.1 -> 2.2.2 [scarthgap,08/16] python3-requests: upgrade 2.32.1 -> 2.32.2 [scarthgap,09/16] scripts/install-buildtools: Update to 5.0.5 [scarthgap,10/16] glibc: stable 2.39 branch updates [scarthgap,11/16] qemu: upgrade 8.2.3 -> 8.2.7 [scarthgap,12/16] gcc: add a backport patch to fix an issue with tzdata 2024b [scarthgap,13/16] ninja: fix build with python 3.13 [scarthgap,14/16] libgcrypt: Fix building error with '-O2' in sysroot path [scarthgap,15/16] dropbear: backport fix for concurrent channel open/close [scarthgap,16/16] rootfs: Ensure run-postinsts is not uninstalled for read-only-rootfs-delayed-post…

Message ID

5c590ccd1973d343f47e7b7171691400490dfc1a.1733232895.git.steve@sakoman.com

State

Under Review

Delegated to:

Steve Sakoman

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 02/16] acpica: fix CVE-2024-24856
Date: Tue,  3 Dec 2024 05:37:06 -0800
Message-Id: 
 <5c590ccd1973d343f47e7b7171691400490dfc1a.1733232895.git.steve@sakoman.com>
In-Reply-To: <cover.1733232895.git.steve@sakoman.com>
References: <cover.1733232895.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[scarthgap,01/16] python3-zipp: fix CVE-2024-5569 | expand

Commit Message

Steve Sakoman Dec. 3, 2024, 1:37 p.m. UTC

From: Changqing Li <changqing.li@windriver.com>

The memory allocation function ACPI_ALLOCATE_ZEROED does not guarantee a
successful allocation, but the subsequent code directly dereferences the
pointer that receives it, which may lead to null pointer dereference. To
fix this issue, a null pointer check should be added. If it is null,
return exception code AE_NO_MEMORY.

Refer: https://nvd.nist.gov/vuln/detail/CVE-2024-24856

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../acpica/acpica_20240322.bb                 |  3 +-
 .../acpica/files/CVE-2024-24856.patch         | 31 +++++++++++++++++++
 2 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-extended/acpica/files/CVE-2024-24856.patch

diff --git a/meta/recipes-extended/acpica/acpica_20240322.bb b/meta/recipes-extended/acpica/acpica_20240322.bb
index 90e3599d32..1f93c0d435 100644
--- a/meta/recipes-extended/acpica/acpica_20240322.bb
+++ b/meta/recipes-extended/acpica/acpica_20240322.bb
@@ -16,7 +16,8 @@  COMPATIBLE_HOST = "(i.86|x86_64|arm|aarch64).*-linux"
 
 DEPENDS = "m4-native flex-native bison-native"
 
-SRC_URI = "git://github.com/acpica/acpica;protocol=https;branch=master"
+SRC_URI = "git://github.com/acpica/acpica;protocol=https;branch=master \
+           file://CVE-2024-24856.patch"
 SRCREV = "170fc3076a86777077637f10b05c32ac21ac13aa"
 
 S = "${WORKDIR}/git"
diff --git a/meta/recipes-extended/acpica/files/CVE-2024-24856.patch b/meta/recipes-extended/acpica/files/CVE-2024-24856.patch
new file mode 100644
index 0000000000..c0c9c00d12
--- /dev/null
+++ b/meta/recipes-extended/acpica/files/CVE-2024-24856.patch
@@ -0,0 +1,31 @@ 
+From 4d4547cf13cca820ff7e0f859ba83e1a610b9fd0 Mon Sep 17 00:00:00 2001
+From: Huai-Yuan Liu <qq810974084@gmail.com>
+Date: Tue, 9 Apr 2024 23:23:39 +0800
+Subject: [PATCH] check null return of ACPI_ALLOCATE_ZEROED in
+ AcpiDbConvertToPackage
+
+ACPI_ALLOCATE_ZEROED may fails, Elements might be null and will cause null pointer dereference later.
+
+Signed-off-by: Huai-Yuan Liu <qq810974084@gmail.com>
+
+CVE: CVE-2024-24856
+Upstream-Status: Backport [https://github.com/acpica/acpica/pull/946/commits/4d4547cf13cca820ff7e0f859ba83e1a610b9fd0]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ source/components/debugger/dbconvert.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/source/components/debugger/dbconvert.c b/source/components/debugger/dbconvert.c
+index 6a41000036..32ad5be179 100644
+--- a/source/components/debugger/dbconvert.c
++++ b/source/components/debugger/dbconvert.c
+@@ -354,6 +354,8 @@ AcpiDbConvertToPackage (
+ 
+     Elements = ACPI_ALLOCATE_ZEROED (
+         DB_DEFAULT_PKG_ELEMENTS * sizeof (ACPI_OBJECT));
++    if (!Elements)
++        return (AE_NO_MEMORY);
+ 
+     This = String;
+     for (i = 0; i < (DB_DEFAULT_PKG_ELEMENTS - 1); i++)

[scarthgap,02/16] acpica: fix CVE-2024-24856

Commit Message

Patch