linux-yocto/drivers
Bjorn Andersson fa725a427d soc: qcom: mdt_loader: Deal with zero e_shentsize
commit 25daf9af0ac1bf12490b723b5efaf8dcc85980bc upstream.

Firmware that doesn't provide section headers leaves both e_shentsize and
e_shnum 0, which obviously isn't compatible with the newly introduced
stricter checks.

Make the section-related checks conditional on either of these values
being non-zero.

Fixes: 9f9967fed9 ("soc: qcom: mdt_loader: Ensure we don't read past the ELF header")
Reported-by: Val Packett <val@packett.cool>
Closes: https://lore.kernel.org/all/ece307c3-7d65-440f-babd-88cf9705b908@packett.cool/
Reported-by: Neil Armstrong <neil.armstrong@linaro.org>
Closes: https://lore.kernel.org/all/aec9cd03-6fc2-4dc8-b937-8b7cf7bf4128@linaro.org/
Signed-off-by: Bjorn Andersson <bjorn.andersson@oss.qualcomm.com>
Fixes: 9f35ab0e53 ("soc: qcom: mdt_loader: Fix error return values in mdt_header_valid()")
Tested-by: Neil Armstrong <neil.armstrong@linaro.org> # on SM8650-QRD
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20250730-mdt-loader-shentsize-zero-v1-1-04f43186229c@oss.qualcomm.com
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Cc: Yongqin Liu <yongqin.liu@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-09-19 16:30:00 +02:00
accessibility
acpi ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids() 2025-09-09 18:54:16 +02:00
amba
android
ata ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig 2025-08-28 16:26:12 +02:00
atm atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control(). 2025-09-04 15:26:27 +02:00
auxdisplay auxdisplay: charlcd: Partially revert "Move hwidth and bwidth to struct hd44780_common" 2025-06-04 14:40:07 +02:00
base x86/vmscape: Enable the mitigation 2025-09-11 17:19:15 +02:00
bcma
block drbd: add missing kref_get in handle_write_conflicts 2025-08-28 16:25:51 +02:00
bluetooth Bluetooth: btusb: QCA: Fix downloading wrong NVM for WCN6855 GF variant without board ID 2025-07-24 08:51:52 +02:00
bus bus: mhi: host: Detect events pointing to unexpected TREs 2025-08-28 16:26:05 +02:00
cdrom
char ipmi: Fix strcpy source and destination the same 2025-08-28 16:26:02 +02:00
clk clk: sunxi-ng: v3s: Fix de clock definition 2025-08-15 12:05:03 +02:00
clocksource clocksource: mips-gic-timer: Enable counter when CPUs start 2025-06-04 14:40:12 +02:00
comedi comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() 2025-08-28 16:26:14 +02:00
connector
counter counter: interrupt-cnt: Protect enable/disable OPs with mutex 2025-06-27 11:07:16 +01:00
cpufreq cpufreq: intel_pstate: Check turbo_is_disabled() in store_no_turbo() 2025-09-09 18:54:25 +02:00
cpuidle cpuidle: menu: Avoid discarding useful information 2025-06-04 14:40:11 +02:00
crypto crypto: qat - fix ring to service map for QAT GEN4 2025-08-28 16:26:12 +02:00
cxl
dax
dca
devfreq PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store() 2025-08-28 16:25:52 +02:00
dio
dma dmaengine: dw: dmamux: Fix device reference leak in rzn1_dmamux_route_allocate 2025-09-19 16:29:59 +02:00
dma-buf dma-buf: fix timeout handling in dma_resv_wait_timeout v2 2025-07-10 15:59:53 +02:00
edac EDAC/altera: Delete an inappropriate dma_free_coherent() call 2025-09-19 16:29:56 +02:00
eisa
extcon
firewire
firmware firmware: arm_scmi: Ensure that the message-id supports fastchannel 2025-07-06 10:58:04 +02:00
fpga fpga: zynq_fpga: Fix the wrong usage of dma_map_sgtable() 2025-08-28 16:26:14 +02:00
fsi
gnss
gpio gpio: tps65912: check the return value of regmap_update_bits() 2025-08-28 16:25:53 +02:00
gpu drm/i915/power: fix size for for_each_set_bit() in abox iteration 2025-09-19 16:30:00 +02:00
greybus
hid HID: mcp2221: Handle reads greater than 60 bytes 2025-09-04 15:26:31 +02:00
hsi HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition 2025-04-25 10:43:47 +02:00
hte
hv Drivers: hv: vmbus: Add utility function for querying ring size 2025-07-06 10:57:58 +02:00
hwmon hwmon: mlxreg-fan: Prevent fans from getting stuck at 0 RPM 2025-09-09 18:54:22 +02:00
hwspinlock
hwtracing coresight: Only check bottom two claim bits 2025-07-06 10:57:55 +02:00
i2c i2c: designware: Fix an error handling path in i2c_dw_pci_probe() 2025-09-09 18:54:19 +02:00
i3c i3c: master: Initialize ret in i3c_i2c_notifier_call() 2025-08-28 16:26:01 +02:00
idle
iio iio: light: opt3001: fix deadlock due to concurrent flag access 2025-09-09 18:54:19 +02:00
infiniband RDMA/bnxt_re: Fix to initialize the PBL array 2025-08-28 16:26:17 +02:00
input Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table 2025-09-19 16:29:57 +02:00
interconnect interconnect: qcom: sc8180x: specify num_nodes 2025-08-15 12:04:55 +02:00
iommu iommu/amd: Avoid stack buffer overflow from kernel cmdline 2025-08-28 16:26:17 +02:00
ipack
irqchip irqchip: Build IMX_MU_MSI only on ARM 2025-08-15 12:05:10 +02:00
isdn mISDN: Fix memory leak in dsp_hwec_enable() 2025-09-09 18:54:14 +02:00
leds leds: leds-lp50xx: Handle reg to get correct multi_index 2025-08-28 16:26:00 +02:00
macintosh
mailbox mailbox: Not protect module_put with spin_lock_irqsave 2025-07-06 10:57:54 +02:00
mcb mcb: fix a double free bug in chameleon_parse_gdd() 2025-05-02 07:46:57 +02:00
md dm-table: fix checking for rq stackable devices 2025-08-28 16:26:01 +02:00
media media: i2c: imx214: Fix link frequency validation 2025-09-19 16:29:55 +02:00
memory memory: omap-gpmc: drop no compatible check 2025-04-10 14:33:39 +02:00
memstick memstick: Fix deadlock by moving removing flag earlier 2025-08-28 16:26:13 +02:00
message
mfd mfd: max14577: Fix wakeup source leaks on device unbind 2025-07-06 10:57:54 +02:00
misc misc: rtsx: usb: Ensure mmc child device is active when card is present 2025-08-28 16:26:03 +02:00
mmc mmc: sdhci-pci-gli: GL9763e: Mask the replay timer timeout of AER 2025-08-28 16:26:16 +02:00
most most: core: Drop device reference after usage in get_channel() 2025-08-28 16:26:14 +02:00
mtd mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing 2025-09-19 16:29:57 +02:00
mux
net can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB 2025-09-19 16:29:58 +02:00
nfc
ntb ntb_hw_amd: Add NTB PCI ID for new gen CPU 2025-05-02 07:47:04 +02:00
nubus
nvdimm libnvdimm/labels: Fix divide error in nd_label_data_init() 2025-06-04 14:40:04 +02:00
nvme nvme: fix misaccounting of nvme-mpath inflight I/O 2025-07-24 08:51:52 +02:00
nvmem nvmem: layouts: u-boot-env: remove crc32 endianness conversion 2025-07-24 08:51:55 +02:00
of of: module: add buffer overflow check in of_modalias() 2025-05-02 07:47:08 +02:00
opp
parisc
parport
pci PCI/MSI: Add an option to write MSIX ENTRY_DATA before any reads 2025-09-09 18:54:18 +02:00
pcmcia pcmcia: Add error handling for add_interval() in do_validate_mem() 2025-09-09 18:54:22 +02:00
peci
perf perf/arm-cmn: Initialise cmn->cpu earlier 2025-06-04 14:40:25 +02:00
phy phy: ti-pipe3: fix device leak at unbind 2025-09-19 16:30:00 +02:00
pinctrl pinctrl: STMFX: add missing HAS_IOMEM dependency 2025-09-04 15:26:24 +02:00
platform platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() 2025-08-28 16:26:11 +02:00
pnp
power power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set 2025-08-15 12:05:01 +02:00
powercap powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() 2025-08-15 12:04:54 +02:00
pps pps: clients: gpio: fix interrupt handling order in remove path 2025-08-28 16:25:53 +02:00
ps3
ptp ptp: Use ratelimite for freerun error message 2025-08-28 16:25:58 +02:00
pwm pwm: mediatek: Fix duty and period setting 2025-08-28 16:26:07 +02:00
rapidio drivers/rapidio/rio_cm.c: prevent possible heap overwrite 2025-06-27 11:07:36 +01:00
ras
regulator regulator: sy7636a: fix lifecycle of power good gpio 2025-09-19 16:29:59 +02:00
remoteproc remoteproc: imx_rproc: skip clock enable when M-core is managed by the SCU 2025-08-28 16:25:52 +02:00
reset reset: brcmstb: Enable reset drivers for ARCH_BCM2835 2025-08-28 16:25:53 +02:00
rpmsg rpmsg: qcom_smd: Fix uninitialized return variable in __qcom_smd_send() 2025-06-27 11:07:15 +01:00
rtc rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe 2025-08-28 16:26:03 +02:00
s390 s390/sclp: Fix SCCB present check 2025-08-28 16:26:13 +02:00
sbus
scsi scsi: lpfc: Fix buffer free/clear order in deferred receive path 2025-09-09 18:54:17 +02:00
sh
siox
slimbus
soc soc: qcom: mdt_loader: Deal with zero e_shentsize 2025-09-19 16:30:00 +02:00
soundwire soundwire: stream: restore params when prepare ports fail 2025-08-15 12:05:04 +02:00
spi spi: tegra114: Use value to check for invalid delays 2025-09-09 18:54:24 +02:00
spmi
ssb
staging media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() 2025-08-28 16:26:08 +02:00
target scsi: target: core: Generate correct identifiers for PR OUT transport IDs 2025-08-28 16:26:02 +02:00
tc
tee tee: optee: ffa: fix a typo of "optee_ffa_api_is_compatible" 2025-09-09 18:54:13 +02:00
thermal thermal: sysfs: Return ENODATA instead of EAGAIN for reads 2025-08-28 16:25:53 +02:00
thunderbolt thunderbolt: Fix copy+paste error in match_service_id() 2025-08-28 16:26:04 +02:00
tty serial: sc16is7xx: fix bug in flow control levels init 2025-09-19 16:29:58 +02:00
ufs scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE 2025-08-28 16:26:15 +02:00
uio uio_hv_generic: Align ring size to system page 2025-07-06 10:57:58 +02:00
usb USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels 2025-09-19 16:29:59 +02:00
vdpa vdpa/mlx5: Fix oversized null mkey longer than 32bit 2025-04-25 10:43:40 +02:00
vfio vfio/mlx5: fix possible overflow in tracking max message size 2025-08-28 16:26:02 +02:00
vhost vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() 2025-09-04 15:26:26 +02:00
video Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()" 2025-08-28 16:26:05 +02:00
virt fix locking in efi_secret_unlink() 2025-08-28 16:25:51 +02:00
virtio virtio_ring: Fix data race by tagging event_triggered as racy for KCSAN 2025-06-04 14:40:01 +02:00
vlynq
w1
watchdog watchdog: iTCO_wdt: Report error if timeout configuration fails 2025-08-28 16:25:59 +02:00
xen xen/gntdev: remove struct gntdev_copy_batch from stack 2025-08-15 12:04:58 +02:00
zorro
Kconfig
Makefile