CVE-2024-36965

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> remoteproc: mediatek: Make sure IPI buffer fits in L2TCM<br /> <br /> The IPI buffer location is read from the firmware that we load to the<br /> System Companion Processor, and it&amp;#39;s not granted that both the SRAM<br /> (L2TCM) size that is defined in the devicetree node is large enough<br /> for that, and while this is especially true for multi-core SCP, it&amp;#39;s<br /> still useful to check on single-core variants as well.<br /> <br /> Failing to perform this check may make this driver perform R/W<br /> operations out of the L2TCM boundary, resulting (at best) in a<br /> kernel panic.<br /> <br /> To fix that, check that the IPI buffer fits, otherwise return a<br /> failure and refuse to boot the relevant SCP core (or the SCP at<br /> all, if this is single core).