Received: by 2002:a05:6358:11c7:b0:104:8066:f915 with SMTP id i7csp1136276rwl;
        Fri, 24 Mar 2023 06:49:11 -0700 (PDT)
X-Google-Smtp-Source: AK7set8h2wAZjmPp765X9KQr9zM257S4tmOisDzY7TwC0zJmQeBQCcbpm4jJpV9ug6HuOZyUJ4Xe
X-Received: by 2002:a05:6402:d6b:b0:500:58cb:3afd with SMTP id ec43-20020a0564020d6b00b0050058cb3afdmr9995392edb.3.1679665751049;
        Fri, 24 Mar 2023 06:49:11 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1679665751; cv=none;
        d=google.com; s=arc-20160816;
        b=on5EHHq5erPeiO3pmjq5AG8bS6vjmQsB2bt/NyzQ1HCrqAOb/mWMHP3BOPwbDrdWUa
         eV+lXJgfyd9jbj/msNQ9/iaHysG9WgLQFu6TxN0o3mwqfI6CWcT/rVoVh6HwwWv1lDaO
         1SE7jpYmHuEtt8/ZTWuxd7nKOftfDPZuvfcFN0/LcFfi2Ln0nYt7YJ9hCg273d1cBz0z
         54ZAq6ShP9ijY5u5y/jRzhDDpAmDIZa7Z2WbJIoeJZV6qTldKnbBy41Fz1lfQzAtqvsL
         hjEylPRVpxYrO1GCsI9RYxYblzaYXOpBfKt5eU/flVKDr6nWLLwZnTdjcLWR5qfwCe4b
         SceA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:mime-version:user-agent:subject:cc:to:from
         :message-id:date:dkim-signature:dkim-signature;
        bh=/o2biA8h7/stouQe+BpAQlLZo41s3+FwkTJaWirdfNs=;
        b=ueFb+DSpIkv0EtdilcDBAEEOC8/BRhTnf4Wke/1VcMpr5mJ8X+ZrBorG6UnsooGlGA
         J0BWyrj1Qi+IkzZ8jQzIsj2bNwgQB7KTaM2QGutU40eVETiqVKboriZJsHrm93ZxGrf/
         2WfXom9O4HNwG9ntqW1mXfTCxAx8iBFPZZX6cPjJHfimzpmp4bPiQv3cn8jGXTMA41iJ
         XzNPGzhQqczCoEvzytSLCLOkNrCG3IhZOESOsrL2uX3tsxIu+Jtn5P7gBhJHfo6PI1vz
         CjgpQ++SFYdotFHlRENOJ464INr01HqhJENyvO4/yQ0emURY28yAXq6ZSpHWWl07Xv66
         Yv/A==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@suse.de header.s=susede2_rsa header.b="CBasj7B/";
       dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519 header.b=btYp+XVg;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id gz22-20020a170907a05600b009332bb8b1fcsi1023898ejc.842.2023.03.24.06.48.45;
        Fri, 24 Mar 2023 06:49:11 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@suse.de header.s=susede2_rsa header.b="CBasj7B/";
       dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519 header.b=btYp+XVg;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230192AbjCXNkp (ORCPT <rfc822;andreas.noever@gmail.com>
        + 99 others); Fri, 24 Mar 2023 09:40:45 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46922 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S231864AbjCXNkn (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 24 Mar 2023 09:40:43 -0400
Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.220.29])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3D2A022785;
        Fri, 24 Mar 2023 06:40:40 -0700 (PDT)
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512)
        (No client certificate requested)
        by smtp-out2.suse.de (Postfix) with ESMTPS id C83DE1FE6B;
        Fri, 24 Mar 2023 13:40:38 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa;
        t=1679665238; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
         mime-version:mime-version:content-type:content-type;
        bh=/o2biA8h7/stouQe+BpAQlLZo41s3+FwkTJaWirdfNs=;
        b=CBasj7B/snzpze3ToXwTE48Dhsy2EWZF0OE6wbi168by79wArBG+oc8U85i9gG/ix4gGDy
        UJm5OBaXU8D2BxcZPzjn7dGg5dPcfLDD9plZNfr7KIA4VH91OeAEhWPXiMva2VIAK8MXZH
        bV/S4jAPxTfkXlclcY3jdmBztbGVyTI=
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de;
        s=susede2_ed25519; t=1679665238;
        h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
         mime-version:mime-version:content-type:content-type;
        bh=/o2biA8h7/stouQe+BpAQlLZo41s3+FwkTJaWirdfNs=;
        b=btYp+XVg8mflanIy9Ed4jSZN8IJNgB9kkm5LxnTowHnZD4fC0TjtktLQMa4BwgXtagN84a
        6ZtxR2l6iMLR2PAw==
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512)
        (No client certificate requested)
        by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id AC08C133E5;
        Fri, 24 Mar 2023 13:40:38 +0000 (UTC)
Received: from dovecot-director2.suse.de ([192.168.254.65])
        by imap2.suse-dmz.suse.de with ESMTPSA
        id 3BlXKVaoHWQFMQAAMHmgww
        (envelope-from <tiwai@suse.de>); Fri, 24 Mar 2023 13:40:38 +0000
Date:   Fri, 24 Mar 2023 14:40:38 +0100
Message-ID: <87ileq5ktl.wl-tiwai@suse.de>
From:   Takashi Iwai <tiwai@suse.de>
To:     Andy Gross <agross@kernel.org>,
        Bjorn Andersson <andersson@kernel.org>
Cc:     linux-arm-msm@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Missing qcom/mdt_loader.c fix for CVE-2022-40540?
User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/27.2 Mule/6.0
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset=US-ASCII
X-Spam-Status: No, score=-2.5 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
        DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE,SPF_PASS
        autolearn=unavailable autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi,

I was asked about the handling for CVE-2022-40540 [*] on SUSE kernels,
and through a quick glance, the upstream code still misses the fix.
Namely, the downstream fix for the integer overflow check of the
firmware size below:
  https://git.codelinaro.org/clo/la/kernel/msm-5.10/-/commit/dae3214cd3495e5c4b37537cacf665d2cdeaea24
... can be applied to the current upstream code (as of 6.3-rc3) as far
as I understand.

Could you guys check it and apply the fix if really needed?


Thanks!

Takashi

[*]
  http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40540
  https://bugzilla.redhat.com/show_bug.cgi?id=2180513
  https://www.cve.org/CVERecord?id=CVE-2022-40540
  https://www.qualcomm.com/company/product-security/bulletins/march-2023-bulletin