From f8cf88666c2fd7e2fb2b6cb6767a7bcecef9a205 Mon Sep 17 00:00:00 2001 From: Michal Koutný Date: Mar 27 2024 16:03:26 +0000 Subject: - Update patches.suse/0001-mmc-moxart_remove-Fix-UAF.patch (bsc#1194516 CVE-2022-0487 CVE-2022-48626 bsc#1220366). - Update patches.suse/crypto-qcom-rng-ensure-buffer-for-generate-is-comple.patch (git-fixes CVE-2022-48629 bsc#1220989). - Update patches.suse/crypto-qcom-rng-fix-infinite-loop-on-requests-not-mu.patch (git-fixes CVE-2022-48630 bsc#1220990). --- diff --git a/patches.suse/0001-mmc-moxart_remove-Fix-UAF.patch b/patches.suse/0001-mmc-moxart_remove-Fix-UAF.patch index 0609d8c..3e4cbb9 100644 --- a/patches.suse/0001-mmc-moxart_remove-Fix-UAF.patch +++ b/patches.suse/0001-mmc-moxart_remove-Fix-UAF.patch @@ -4,7 +4,7 @@ Date: Thu, 27 Jan 2022 08:16:38 +0100 Subject: [PATCH] moxart: fix potential use-after-free on remove path Git-commit: bd2db32e7c3e35bd4d9b8bbff689434a50893546 Patch-mainline: v5.17-rc4 -References: bsc#1194516 CVE-2022-0487 +References: bsc#1194516 CVE-2022-0487 CVE-2022-48626 bsc#1220366 It was reported that the mmc host structure could be accessed after it was freed in moxart_remove(), so fix this by saving the base register of diff --git a/patches.suse/crypto-qcom-rng-ensure-buffer-for-generate-is-comple.patch b/patches.suse/crypto-qcom-rng-ensure-buffer-for-generate-is-comple.patch index 6e4df9d..bf823f3 100644 --- a/patches.suse/crypto-qcom-rng-ensure-buffer-for-generate-is-comple.patch +++ b/patches.suse/crypto-qcom-rng-ensure-buffer-for-generate-is-comple.patch @@ -7,7 +7,7 @@ Content-type: text/plain; charset=UTF-8 Content-transfer-encoding: 8bit Git-commit: a680b1832ced3b5fa7c93484248fd221ea0d614b Patch-mainline: v5.17 -References: git-fixes +References: git-fixes CVE-2022-48629 bsc#1220989 The generate function in struct rng_alg expects that the destination buffer is completely filled if the function returns 0. qcom_rng_read() 
diff --git a/patches.suse/crypto-qcom-rng-fix-infinite-loop-on-requests-not-mu.patch b/patches.suse/crypto-qcom-rng-fix-infinite-loop-on-requests-not-mu.patch index e920bc6..6797c88 100644 --- a/patches.suse/crypto-qcom-rng-fix-infinite-loop-on-requests-not-mu.patch +++ b/patches.suse/crypto-qcom-rng-fix-infinite-loop-on-requests-not-mu.patch @@ -4,7 +4,7 @@ Date: Tue, 3 May 2022 13:50:10 +0200 Subject: [PATCH] crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ Git-commit: 16287397ec5c08aa58db6acf7dbc55470d78087d Patch-mainline: v5.18 -References: git-fixes +References: git-fixes CVE-2022-48630 bsc#1220990 The commit referenced in the Fixes tag removed the 'break' from the else branch in qcom_rng_read(), causing an infinite loop whenever 'max' is
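Review bot: In the References line of patches.suse/0001-mmc-moxart_remove-Fix-UAF.patch the new ids are appended as `CVE-2022-48626 bsc#1220366`, while the existing pair reads `bsc#1194516 CVE-2022-0487`, so the line no longer shows which bug number belongs to which CVE. Assuming bsc#1220366 is the bug for CVE-2022-48626, keep the bug-then-CVE order, e.g. `References: bsc#1194516 CVE-2022-0487 bsc#1220366 CVE-2022-48626`, and use the same order in the changelog entry. This hunk also leaves a single upstream fix (Git-commit bd2db32e7c3e35bd4d9b8bbff689434a50893546) carrying two CVE ids; one sentence in the commit message saying why the second id is attached would help anyone auditing the CVE mapping later.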
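Review bot: The context under the References line of patches.suse/crypto-qcom-rng-fix-infinite-loop-on-requests-not-mu.patch says the commit named in its Fixes tag removed the 'break' from the else branch in qcom_rng_read(), and the ensure-buffer patch that this same commit tags with CVE-2022-48629 also changes qcom_rng_read(). If that Fixes tag points at a680b1832ced3b5fa7c93484248fd221ea0d614b, any branch that ships the CVE-2022-48629 fix without this follow-up gains the infinite loop described here. Please confirm both patches are applied together in every branch that carries the first one, and consider cross-referencing bsc#1220989 and bsc#1220990 so the pair is not backported separately.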