Vulnerabilidad en kernel de Linux (CVE-2024-46853)

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: spi: nxp-fspi: solucione el error de informe fuera de los límites de KASAN Cambie la longitud de memcpy para solucionar el problema de fuera de los límites al escribir datos que no están alineados con 4 bytes en TX FIFO. Para reproducir el problema, escriba datos de 3 bytes en el chip NOR. dd if=3b of=/dev/mtd0 [ 36.926103] ====================================================================== [ 36.933409] ERROR: KASAN: slab fuera de límites en nxp_fspi_exec_op+0x26ec/0x2838 [ 36.940514] Lectura de tamaño 4 en la dirección ffff00081037c2a0 por la tarea dd/455 [ 36.946721] [ 36.948235] CPU: 3 UID: 0 PID: 455 Comm: dd No contaminado 6.11.0-rc5-gc7b0e37c8434 #1070 [ 36.956185] Nombre del hardware: Freescale i.MX8QM MEK (DT) [ 36.961260] Rastreo de llamadas: [ 36.963723] dump_backtrace+0x90/0xe8 [ 36.967414] show_stack+0x18/0x24 [ 36.970749] dump_stack_lvl+0x78/0x90 [ 36.974451] print_report+0x114/0x5cc [ 36.978151] kasan_report+0xa4/0xf0 [ 36.981670] __asan_report_load_n_noabort+0x1c/0x28 [ 36.986587] nxp_fspi_exec_op+0x26ec/0x2838 [ 36.990800] spi_mem_exec_op+0x8ec/0xd30 [ 36.994762] spi_mem_no_dirmap_read+0x190/0x1e0 [ 36.999323] spi_mem_dirmap_write+0x238/0x32c [ 37.003710] spi_nor_write_data+0x220/0x374 [ 37.007932] spi_nor_write+0x110/0x2e8 [ 37.011711] mtd_write_oob_std+0x154/0x1f0 [ 37.015838] mtd_write_oob+0x104/0x1d0 [ 37.019617] mtd_write+0xb8/0x12c [ 37.022953] mtdchar_write+0x224/0x47c [ 37.026732] vfs_write+0x1e4/0x8c8 [ 37.030163] ksys_write+0xec/0x1d0 [ 37.033586] __arm64_sys_write+0x6c/0x9c [ 37.037539] invocar_syscall+0x6c/0x258 [ 37.041327] el0_svc_common.constprop.0+0x160/0x22c [ 37.046244] do_el0_svc+0x44/0x5c [ 37.049589] el0_svc+0x38/0x78 [ 37.052681] el0t_64_sync_handler+0x13c/0x158 [ 37.057077] el0t_64_sync+0x190/0x194 [ 37.060775] [ 37.062274] Asignado por la tarea 455: [ 37.065701] kasan_save_stack+0x2c/0x54 [ 37.069570] kasan_save_track+0x20/0x3c [ 37.073438] kasan_save_alloc_info+0x40/0x54 [ 37.077736] __kasan_kmalloc+0xa0/0xb8 [ 37.081515] __kmalloc_noprof+0x158/0x2f8 [ 37.085563] mtd_kmalloc_up_to+0x120/0x154 [ 37.089690] mtdchar_write+0x130/0x47c [ 37.093469] vfs_write+0x1e4/0x8c8 [ 37.096901] ksys_write+0xec/0x1d0 [ 37.100332] __arm64_sys_write+0x6c/0x9c [ 37.104287] invoque_syscall+0x6c/0x258 [ 37.108064] el0_svc_common.constprop.0+0x160/0x22c [ 37.112972] do_el0_svc+0x44/0x5c [ 37.116319] el0_svc+0x38/0x78 [ 37.119401] el0t_64_sync_handler+0x13c/0x158 [ 37.123788] el0t_64_sync+0x190/0x194 [ 37.127474] [ 37.128977] La dirección con errores pertenece al objeto en ffff00081037c2a0 [ 37.128977] que pertenece al caché kmalloc-8 de tamaño 8 [ 37.141177] La dirección con errores se encuentra a 0 bytes dentro de la [ 37.141177] región asignada de 3 bytes [ffff00081037c2a0, ffff00081037c2a3) [ 37.153465] [ 37.154971] La dirección con errores pertenece a la página física: [ 37.160559] página: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x89037c [ 37.168596] indicadores: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.175149] page_type: 0xfdffffff(slab) [ 37.179021] raw: 0bfffe0000000000 ffff000800002500 dead000000000122 0000000000000000 [ 37.186788] raw: 000000000000000 0000000080800080 00000001fdffffff 0000000000000000 [ 37.194553] página volcada porque: kasan: se detectó un acceso incorrecto [ 37.200144] [ 37.201647] Estado de la memoria alrededor de la dirección con errores: [ 37.206460] ffff00081037c180: fa fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc [ 37.213701] ffff00081037c200: fa fc fc fc 05 fc fc fc 03 fc fc fc 02 fc fc fc [ 37.220946] 081037c280: 06 fc fc fc 03 fc fc fc fc fc fc fc fc [ 37.228186] ^ [ 37.232473] ffff00081037c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.239718] ffff00081037c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.246962] ===================================================== ========== ---truncado---