CVE-2024-43825

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> iio: Fix the sorting functionality in iio_gts_build_avail_time_table<br /> <br /> The sorting in iio_gts_build_avail_time_table is not working as intended.<br /> It could result in an out-of-bounds access when the time is zero.<br /> <br /> Here are more details:<br /> <br /> 1. When the gts-&gt;itime_table[i].time_us is zero, e.g., the time<br /> sequence is `3, 0, 1`, the inner for-loop will not terminate and do<br /> out-of-bound writes. This is because once `times[j] &gt; new`, the value<br /> `new` will be added in the current position and the `times[j]` will be<br /> moved to `j+1` position, which makes the if-condition always hold.<br /> Meanwhile, idx will be added one, making the loop keep running without<br /> termination and out-of-bound write.<br /> 2. If none of the gts-&gt;itime_table[i].time_us is zero, the elements<br /> will just be copied without being sorted as described in the comment<br /> "Sort times from all tables to one and remove duplicates".<br /> <br /> For more details, please refer to<br /> https://lore.kernel.org/all/6dd0d822-046c-4dd2-9532-79d7ab96ec05@gmail.com.