In the Linux kernel, the following vulnerability has been resolved:
pstore: ram_core: fix possible overflow in persistent_ram_init_ecc()
In persistent_ram_init_ecc(), on 64-bit arches DIV_ROUND_UP() will return
64-bit value since persistent_ram_zone::buffer_size has type size_t which
is derived from the 64-bit unsigned long, while the ecc_blocks variable
this value gets assigned to has (always 32-bit) int type. Even if that
value fits into int type, an overflow is still possible when calculating
the size_t typed ecc_total variable further below since thereβs no cast to
any 64-bit type before multiplication. Declaring the ecc_blocks variable
as size_t should fix this messβ¦
Found by Linux Verification Center (linuxtesting.org) with the SVACE static
analysis tool.