In message: [linux-yocto][linux-yocto v6.1][PATCH 0/1] Backport patch to fix CVE-2024-38541 on 04/07/2024 Xiangyu Chen via lists.yoctoproject.org wrote:
> From: Xiangyu Chen <[email protected]> > > Hi Bruce, > > Recently, the CVE-2024-38541's source up to 9.8-critical[1], upstream already > fixed it, > but the of_modalias in device.c has already moved out to module.c, to > backport all related > patches might have some risk, so adapted the fix of of_modalias() in device.c. Agreed. The modified patch looked fine to me, so I've gone ahead and merged it. Bruce > > Ref: > [1] https://nvd.nist.gov/vuln/detail/CVE-2024-38541 > > Xiangyu Chen (1): > of: module: add buffer overflow check in of_modalias() > > drivers/of/device.c | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) > > -- > 2.34.1 > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#14120): https://lists.yoctoproject.org/g/linux-yocto/message/14120 Mute This Topic: https://lists.yoctoproject.org/mt/107031476/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/linux-yocto/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
