In the Linux kernel, the following vulnerability has been resolved:
iio: Fix the sorting functionality in iio_gts_build_avail_time_table
The sorting in iio_gts_build_avail_time_table is not working as intended.
It could result in an out-of-bounds access when the time is zero.
Here are more details:
3, 0, 1, the inner for-loop will not terminate and do times[j] > new, the value new will be added in the current position and the times[j] will be j+1 position, which makes the if-condition always hold.
For more details, please refer to
https://lore.kernel.org/all/[email protected].
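The failure mode described above, as a user-space model next to a hardened sorted insert. This is an added example, not the kernel's code or the upstream patch. The names build_flawed, build_sorted, sample_times and the cap parameter are assumptions introduced here; the cap check in the flawed model exists only so that it reports the overrun instead of performing it.

```c
#include <string.h>

/* The sequence named in the description; used as sample input. */
const int sample_times[] = {3, 0, 1};

/* Model of the flaw: there is no break after the insert, so the element
 * shifted to j+1 is still > new and the test holds on every later pass
 * while idx grows. Returns -1 where the write would leave the buffer.
 * out[] must be zero-filled by the caller. */
int build_flawed(const int *in, int n, int *out, int cap)
{
	int idx = 0;
	for (int i = 0; i < n; i++) {
		int new = in[i];
		if (out[idx] < new) {
			out[idx++] = new;
			continue;
		}
		for (int j = 0; j <= idx; j++) {
			if (out[j] > new) {
				if (idx + 1 >= cap)
					return -1;	/* guard added for the model */
				memmove(&out[j + 1], &out[j], (idx - j) * sizeof(int));
				out[j] = new;
				idx++;
			}
		}
	}
	return idx;
}

/* Hardened form: find the slot, skip duplicates, insert exactly once and
 * check capacity before shifting. Returns the number of unique values. */
int build_sorted(const int *in, int n, int *out, int cap)
{
	int idx = 0;
	for (int i = 0; i < n; i++) {
		int new = in[i], j = 0;
		while (j < idx && out[j] < new)
			j++;
		if (j < idx && out[j] == new)
			continue;		/* duplicate, nothing to insert */
		if (idx >= cap)
			return -1;
		memmove(&out[j + 1], &out[j], (idx - j) * sizeof(int));
		out[j] = new;
		idx++;
	}
	return idx;
}
```

With sample_times as input, build_flawed keeps shifting the same element until the guard trips, while build_sorted produces 0, 1, 3 in a buffer of exactly three entries.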
[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/iio/industrialio-gts-helper.c"
    ],
    "versions": [
      {
        "version": "38416c28e168",
        "lessThan": "31ff8464ef54",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "38416c28e168",
        "lessThan": "b5046de32fd1",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "38416c28e168",
        "lessThan": "5acc3f971a01",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/iio/industrialio-gts-helper.c"
    ],
    "versions": [
      {
        "version": "6.4",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "6.4",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.6.44",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.10.3",
        "lessThanOrEqual": "6.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.11",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]