Fix CVE-2023-49100

2024-01-23 10:57:29 +08:00 · 2024-01-23 10:57:29 +08:00 · 03db591f11
commit 03db591f11
parent cb713da494
2 changed files with 43 additions and 1 deletions
--- a/CVE-2023-49100.patch
+++ b/CVE-2023-49100.patch
@ -0,0 +1,37 @@
+From a7eff3477dcf3624c74f5217419b1a27b7ebd2aa Mon Sep 17 00:00:00 2001
+From: Manish Pandey <manish.pandey2@arm.com>
+Date: Thu, 26 Oct 2023 11:14:21 +0100
+Subject: fix(sdei): ensure that interrupt ID is valid
+
+As per SDEI spec (section 5.1.14.1), SDEI_INTERRUPT_BIND interface
+expects a valid PPI or SPI. SGI's are not allowed to be bounded.
+Current check in the code only checks for an SGI and returns invalid
+ID. This check is insufficient as it will not catch architecturally
+invalid interrupt IDs.
+
+Modify the check to ensure that interrupt is either PPI or SPI.
+
+Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
+Change-Id: I52eb0a6d7f88a12f6816cff9b68fb3a7ca12cbb7
+---
+ services/std_svc/sdei/sdei_main.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/services/std_svc/sdei/sdei_main.c b/services/std_svc/sdei/sdei_main.c
+index 44178eddd3..0fd3c1d32c 100644
+--- a/services/std_svc/sdei/sdei_main.c
+++ b/services/std_svc/sdei/sdei_main.c
+@@ -710,8 +710,8 @@ static int sdei_interrupt_bind(unsigned int intr_num)
+ 	sdei_ev_map_t *map;
+ 	bool retry = true, shared_mapping;
+ 
+-	/* SGIs are not allowed to be bound */
+-	if (plat_ic_is_sgi(intr_num) != 0)
+	/* Interrupt must be either PPI or SPI */
+	if (!(plat_ic_is_ppi(intr_num) || plat_ic_is_spi(intr_num)))
+ 		return SDEI_EINVAL;
+ 
+ 	shared_mapping = (plat_ic_is_spi(intr_num) != 0);
+-- 
+cgit v1.2.3
+
--- a/arm-trusted-firmware.spec
+++ b/arm-trusted-firmware.spec
@ -2,11 +2,13 @@

 Name:          arm-trusted-firmware
 Version:       2.9
-Release:       1
+Release:       2
 Summary:       ARM Trusted Firmware
 License:       BSD
 URL:           https://github.com/ARM-software/arm-trusted-firmware/wiki
 Source0:       https://github.com/ARM-software/arm-trusted-firmware/archive/v%{version}/%{name}-%{version}.tar.gz
+# https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=a7eff3477dcf3624
+Patch0:        CVE-2023-49100.patch
 ExclusiveArch: aarch64
 BuildRequires: dtc

@ -61,6 +63,9 @@ strip %{buildroot}/%{_datadir}/%{name}/rk3368/bl31.elf
 %{_datadir}/%{name}

 %changelog
+* Tue Jan 23 2024 yaoxin <yao_xin001@hoperun.com> - 2.9-2
+- Fix CVE-2023-49100
+
 * Fri Jul 07 2023 xu_ping <707078654@qq.com> -2.9-1
 - Upgrade to 2.9