On 2024-07-01 8:37 a.m., [email protected] wrote:
From: Deepthi Hemraj<[email protected]>
Signed-off-by: Deepthi Hemraj<[email protected]>
---
.../llvm/0002-llvm-Fix-CVE-2024-0151.patch | 1086 +++++++++++++++++
meta/recipes-devtools/llvm/llvm_18.1.5.bb | 1 +
2 files changed, 1087 insertions(+)
create mode 100644
meta/recipes-devtools/llvm/llvm/0002-llvm-Fix-CVE-2024-0151.patch
diff --git a/meta/recipes-devtools/llvm/llvm/0002-llvm-Fix-CVE-2024-0151.patch
b/meta/recipes-devtools/llvm/llvm/0002-llvm-Fix-CVE-2024-0151.patch
new file mode 100644
index 0000000000..0b8338d35b
--- /dev/null
+++ b/meta/recipes-devtools/llvm/llvm/0002-llvm-Fix-CVE-2024-0151.patch
@@ -0,0 +1,1086 @@
+commit 78ff617d3f573fb3a9b2fef180fa0fd43d5584ea
+Author: Lucas Duarte Prates<[email protected]>
+Date: Thu Jun 20 10:22:01 2024 +0100
+
+ [ARM] CMSE security mitigation on function arguments and returned values
(#89944)
+
+ The ABI mandates two things related to function calls:
+ - Function arguments must be sign- or zero-extended to the register
+ size by the caller.
+ - Return values must be sign- or zero-extended to the register size by
+ the callee.
+
+ As consequence, callees can assume that function arguments have been
+ extended and so can callers with regards to return values.
+
+ Here lies the problem: Nonsecure code might deliberately ignore this
+ mandate with the intent of attempting an exploit. It might try to pass
+ values that lie outside the expected type's value range in order to
+ trigger undefined behaviour, e.g. out of bounds access.
+
+ With the mitigation implemented, Secure code always performs extension
+ of values passed by Nonsecure code.
+
+ This addresses the vulnerability described in CVE-2024-0151.
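Review bot: The header of the new 0002-llvm-Fix-CVE-2024-0151.patch file opens with raw `git show` output (the `commit 78ff617d3f573fb3a9b2fef180fa0fd43d5584ea`, `Author:` and `Date:` lines), and the part of it visible here carries no `Upstream-Status:` or `CVE:` tag. OE-core expects both in the header of a CVE backport, so unless they appear further down in the 1086 lines, add `CVE: CVE-2024-0151` and `Upstream-Status: Backport [...]` pointing at that upstream commit, followed by your Signed-off-by. The outer commit message is also empty apart from the Signed-off-by: a sentence saying that the fix only affects Arm targets built with CMSE, and how (or whether) it was tested, would answer the obvious review question up front.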
Hi Steve,
I see that this was queued to your -next branch but isn't merged yet:
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-next
I'm not too concerned about the patch but I have a question about test coverage that hopefully won't take up too much of everyone's time.
As you can see from:
https://nvd.nist.gov/vuln/detail/CVE-2024-0151
"Insufficient argument checking in Secure state Entry functions in software using Cortex-M Security Extensions (CMSE), ... "
this CVE only affects systems using Cortex-M Security Extensions.
I don't think Deepthi did any run-time testing that would run code in this mode but I'm not very familiar with such things.
Do we have any tests that would allow us to say that the patch at least runs successfully?
I suppose we can take it on trust that it's an improvement and that anyone who is using such an environment can report problems.
Thanks,
../Randy
--
# Randy MacLeod
# Wind River Linux