Skip to content

[LTS 8.10 FIPS] CVE-2024-53104 kernel fips-8.10 #133

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 2 commits into from
Closed

[LTS 8.10 FIPS] CVE-2024-53104 kernel fips-8.10 #133

wants to merge 2 commits into from

Conversation

gvrose8192
Copy link

Builds and Loads

our branch is up to date with 'origin/main'.
branch 'gvrose_fips-8-complaint/4.18.0-553.16.1' set up to track 'origin/gvrose_fips-8-complaint/4.18.0-553.16.1'.
Already up to date.
/home/gvrose8192/prj/kernel-build-gvrose_fips-8-complaint/4.18.0-553.16.1
no .config file found, moving on
[TIMER]{MRPROPER}: 0s
x86_64 architecture detected, copying config
'configs/kernel-4.18.0-x86_64.config' -> '.config'
Setting Local Version for build
CONFIG_LOCALVERSION="-gvrose_fips-8-complaint_4.18.0-553.16.1"
Making olddefconfig
  HOSTCC  scripts/basic/fixdep
  HOSTCC  scripts/kconfig/conf.o
  YACC    scripts/kconfig/zconf.tab.c
  LEX     scripts/kconfig/zconf.lex.c
  HOSTCC  scripts/kconfig/zconf.tab.o
  HOSTLD  scripts/kconfig/conf
scripts/kconfig/conf  --olddefconfig Kconfig
#
# configuration written to .config
#
Starting Build
scripts/kconfig/conf  --syncconfig Kconfig
  SYSTBL  arch/x86/include/generated/asm/syscalls_32.h
  SYSHDR  arch/x86/include/generated/asm/unistd_32_ia32.h

[SNIP]

  INSTALL sound/usb/usx2y/snd-usb-usx2y.ko
  INSTALL sound/virtio/virtio_snd.ko
  INSTALL sound/x86/snd-hdmi-lpe-audio.ko
  INSTALL sound/xen/snd_xen_front.ko
  INSTALL virt/lib/irqbypass.ko
  DEPMOD  4.18.0-gvrose_fips-8-complaint_4.18.0-553.16.1+
[TIMER]{MODULES}: 83s
Making Install
sh ./arch/x86/boot/install.sh 4.18.0-gvrose_fips-8-complaint_4.18.0-553.16.1+ arch/x86/boot/bzImage \
        System.map "/boot"
[TIMER]{INSTALL}: 35s
Checking kABI
Checking kABI
kABI check passed
Setting Default Kernel to /boot/vmlinuz-4.18.0-gvrose_fips-8-complaint_4.18.0-553.16.1+ and Index to 0
Hopefully Grub2.0 took everything ... rebooting after time metrices
[TIMER]{MRPROPER}: 0s
[TIMER]{BUILD}: 5177s
[TIMER]{MODULES}: 83s
[TIMER]{INSTALL}: 35s
[TIMER]{TOTAL} 5317s
Rebooting in 10 seconds
[gvrose8192@auto-kernel-test-fips810 ~]$ uname -a
Linux auto-kernel-test-fips810 4.18.0-gvrose_fips-8-complaint_4.18.0-553.16.1+ #1 SMP Fri Feb 14 20:59:34 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Commands and Build logs
lts-8_10-commands-pass3.log
lts-8_10-build-pass3.log

There's no reason to think this patch would cause any issues.

PlaidCat and others added 2 commits February 11, 2025 11:06
@PlaidCat @gvrose8192
github actions: Make builds on Merge Request
ce717d0 
Since we need to make sure external contributors code actually compiles
prior to merging. To get access to the forked repos merge request we
need to switch over our push to pull_request. In addition we're fixing up
some Naming Conventions, adding aarch64 to this branch and fixing the naming
so that we can quickly identify if the CI is for x86_64 or aarch64.

Also disable the process-pull-request until the `utf-8` situation is
resolved.
@gvrose8192
media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_…
45e71cc 
…parse_format

jira VULN-9672
cve CVE-2024-53104
commit-author Benoit Sevens <[email protected]>
commit ecf2b43

This can lead to out of bounds writes since frames of this type were not
taken into account when calculating the size of the frames buffer in
uvc_parse_streaming.

Fixes: c0efd23 ("V4L/DVB (8145a): USB Video Class driver")
	Signed-off-by: Benoit Sevens <[email protected]>
	Cc: [email protected]
	Acked-by: Greg Kroah-Hartman <[email protected]>
	Reviewed-by: Laurent Pinchart <[email protected]>
	Signed-off-by: Hans Verkuil <[email protected]>
(cherry picked from commit ecf2b43)
	Signed-off-by: Greg Rose <[email protected]>
PlaidCat
PlaidCat approved these changes Feb 18, 2025
View reviewed changes
Copy link
Collaborator

@PlaidCat PlaidCat left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:shipit:

This the same as this: #114
But with branch names that are spelled correctly

jallisonciq
jallisonciq approved these changes Feb 19, 2025
View reviewed changes
Copy link

@jallisonciq jallisonciq left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM (at least the C code change) !

bmastbergen
bmastbergen approved these changes Feb 19, 2025
View reviewed changes
Copy link
Collaborator

@bmastbergen bmastbergen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🥌

@gvrose8192
Copy link
Author

Merged via push to preserve my gpg signatures.

@gvrose8192 gvrose8192 closed this Feb 19, 2025
@gvrose8192 gvrose8192 deleted the gvrose_fips-8-compliant/4.18.0-553.16.1 branch February 19, 2025 18:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@PlaidCat PlaidCat PlaidCat approved these changes

@bmastbergen bmastbergen bmastbergen approved these changes

@jallisonciq jallisonciq jallisonciq approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@gvrose8192 @PlaidCat @bmastbergen @jallisonciq