oss-sec mailing list archives
Re: CVE Request - Samsung Exynos GPU driver OOB read
From: <cve-assign () mitre org>
Date: Thu, 19 Jan 2017 20:17:47 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017 SVE-2016-6362: out of bound read in gpu driver Vulnerability in gpu driver does not properly check the boundary of buffers leading to a possible memory corruption.
http://opensource.samsung.com/reception/receptionSub.do?method=sub&sub=F&searchValue=SM-G9200there is no official git for tracking from Samsung
The bug itself resides in <root>/drivers/gpu/arm/t7xx/r5p0/mali_kbase_core_linux.c of the src tree, in function kbase_dispatch which is the main ioctl dispatcher of the driver: static mali_error kbase_dispatch(struct kbase_context *kctx, void * const args, u32 args_size) { ... /* setup complete, perform normal operation */ switch (id) { ... case KBASE_FUNC_TMU_SKIP: { /* MALI_SEC_INTEGRATION */ #ifdef CONFIG_SENSORS_SEC_THERMISTOR #ifdef CONFIG_USE_VSYNC_SKIP struct kbase_uk_tmu_skip *tskip = args; int thermistor = sec_therm_get_ap_temperature(); u32 i, t_index = tskip->num_ratiometer; for (i = 0; i < tskip->num_ratiometer; i++) <== missing boundary check if (thermistor >= tskip->temperature[i]) t_index = i; tskip->temperature is a uint32 array of static size(10 elements) and tskip->num_ratiometer a uint32 which is user controlled. Since the boundary check is missing, OOB read may happen leading to possible memory corruption.
Use CVE-2017-5538. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJYgWRyAAoJEHb/MwWLVhi2PZMP/1ehua8X9WteUieeSsh1ppVl qpofa9xWnyAikurp7B7Yg4WNnYWrR5+pxMw7yuwtGJfBr49mmaE9WN+vEOYMAL49 sCCWudmieEYv8ZW+cKMawkWFGbRxdwBxGnWqeVCyBB9ktIKGC3t7PIeUadLwn6kr Hi8lKdczXK9Na59jct/HDQoFKmfETKyuWiFhe+c6cbcmowLrEMFP9z83LgTCP0/M a4lLwGo9quR7qyJK78wws7vyVE8R56OWKanKzIa7ok3pPk+c1lqwveyg0M23uD8A KO+tkplmt1FNuQ2yjjHo3KYMq7fUchIBi4zo1AAUp56oPrzUbbEJDab+A+DZl3hy 5vVjYcZtjYigZroWX8Cqu9nYEsMNx/u2yclDFdwzlmdLa/gDcdEPIBOzlHVtAlog y6T1vTCBKRE7S2bmKqROnij2u+8d7D/0Mm77+9ra50VVVbVJEzXkT3fkuKrBhUBA gwSvWmOXTK7E0ZfPTzX1Tc5aqcQebwmPadW/MHazuWS1evmzdRUN6w75ZZ/eDlRw RJvvp4eRRIXvh5UxQ+a5QlzFhP5mlGtVDnQ1WpuO02lo5el3MpRWxKbXOssqoBQg vrTkiBMo0rES5OurfiX4Pn5IGIP4ykNke0cGuX4lldiQvMRBHtUNTJPAMTAHMowI j+zyr2GFgnVpaWgBEGow =UjQq -----END PGP SIGNATURE-----
Current thread:
- CVE Request - Samsung Exynos GPU driver OOB read Idler (Jan 19)
- Re: CVE Request - Samsung Exynos GPU driver OOB read Greg KH (Jan 19)
- RE: CVE Request - Samsung Exynos GPU driver OOB read idl3r (Jan 19)
- Re: CVE Request - Samsung Exynos GPU driver OOB read Greg KH (Jan 20)
- RE: CVE Request - Samsung Exynos GPU driver OOB read idl3r (Jan 20)
- RE: CVE Request - Samsung Exynos GPU driver OOB read idl3r (Jan 19)
- Re: CVE Request - Samsung Exynos GPU driver OOB read Greg KH (Jan 19)
- Re: CVE Request - Samsung Exynos GPU driver OOB read cve-assign (Jan 19)