Bugzilla – Bug 1057481
VUL-0: CVE-2017-9725: kernel-source: Incorrect type conversion for size during dma allocation
Last modified: 2017-12-18 13:04:44 UTC
An incorrect type conversion of a size during dma allocation was found.
mainline git commit is 67a2e213e7e937c41c52ab5bc46bf3f4de469f6e
The fix is in v4.4 on mainline according to git tag --contains
The continuous DMA allocator was added in 3.10.
So I would currently guess only 3.12 is affected, SLES 12 GA and SP1.
The patch would break kABI, so it's not straightforward to apply it.
And, CONFIG_CMA is enabled only for ppc64le, so it's at most only on that.
The issue seems to be triggered by passing an over-32bit size argument to the allocator, and the ion driver doesn't exist on SLE12-SP0/SP1.
So, unless we have such a caller (except for ion driver), it should be OK as is, I guess.
Adding Vlastimil to Cc for more auditing.
dma_alloc_from_contiguous() is behind CONFIG_DMA_CMA, which we don't enable.
cma_alloc() didn't appear until 3.17.
The core CMA function alloc_contig_range() is unaffected.
So we are safe even without applying the patch.
in 12-sp2 and 12-sp3
(In reply to Marcus Meissner from comment #6)
> i see
> in 12-sp2 and 12-sp3
Those are 4.4, thus fixed since the beginning.
seems we can close it?
(In reply to Marcus Meissner from comment #8)
> seems we can close it?
If you're asking me, then yes.
Reassigned back to security team.
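A user-space model of the defect class discussed in this thread (an over-32bit size reaching an allocator through a narrower type), added here as an illustration and not taken from the kernel or from the fix commit. It assumes the conversion is a 64-bit page count narrowed to a 32-bit `int` parameter; the function names, the page size and the pool size are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12        /* assumed 4 KiB pages */
#define POOL_PAGES 4096u     /* constructed pool size: 16 MiB */

/* Hypothetical allocator front end with a narrow count parameter.
 * Returns the number of pages it would reserve, or -1 on refusal. */
static long reserve_narrow(int count)
{
    if (count <= 0 || (unsigned int)count > POOL_PAGES)
        return -1;
    return count;
}

/* Same front end, but the parameter can hold any 64-bit page count,
 * so the bounds check sees the value the caller really asked for. */
static long reserve_wide(uint64_t count)
{
    if (count == 0 || count > POOL_PAGES)
        return -1;
    return (long)count;
}

/* Caller side: byte size -> page count -> allocator. */
long request_narrow(uint64_t bytes)
{
    uint64_t pages = bytes >> PAGE_SHIFT;
    /* Narrowing drops the upper 32 bits (implementation-defined in C;
     * gcc and clang wrap modulo 2^32). The check above then passes. */
    return reserve_narrow((int)pages);
}

long request_wide(uint64_t bytes)
{
    return reserve_wide(bytes >> PAGE_SHIFT);
}

int main(void)
{
    /* Constructed input: 2^32 + 16 pages, i.e. just over 16 TiB. */
    uint64_t bytes = ((1ULL << 32) + 16) << PAGE_SHIFT;

    printf("narrow: %ld pages reserved\n", request_narrow(bytes));
    printf("wide:   %ld (refused)\n", request_wide(bytes));
    return 0;
}
```

In the narrow variant the caller believes it holds a buffer of the size it requested while the allocator has sized everything for the truncated count; widening the parameter type lets the existing bounds check reject the request.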