CVE-2024-53192

Severity CVSS v4.0:
Pending analysis
Type:
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Publication date:
27/12/2024
Last modified:
24/03/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

clk: clk-loongson2: Fix potential buffer overflow in flexible-array member access

Flexible-array member `hws` in `struct clk_hw_onecell_data` is annotated with the `counted_by()` attribute. This means that when memory is allocated for this array, the _counter_, which in this case is member `num` in the flexible structure, should be set to the maximum number of elements the flexible array can contain, or fewer.

In this case, the total number of elements for the flexible array is determined by variable `clks_num` when allocating heap space via `devm_kzalloc()`, as shown below:

    struct loongson2_clk_provider *clp;
    ...
    for (p = data; p->name; p++)
        clks_num++;

    clp = devm_kzalloc(dev, struct_size(clp, clk_data.hws, clks_num),
                       GFP_KERNEL);

So, `clp->clk_data.num` should be set to `clks_num` or less, and not exceed `clks_num`, as is currently the case. Otherwise, if data is written into `clp->clk_data.hws[clks_num]`, the instrumentation provided by the compiler won't detect the overflow, leading to a memory corruption bug at runtime.

Fix this issue by setting `clp->clk_data.num` to `clks_num`.
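A userspace model of the counted_by contract the commit message describes, added here as an example and not code from the kernel or the driver: the struct names mirror the advisory, while `base`, `store_hw`, `check_misses_overflow` and `fixed_provider_behaves` are assumed helper names and the explicit `idx < num` test stands in for the compiler's instrumentation.

```c
#include <stddef.h>
#include <stdlib.h>

/* Flexible array; `num` is the counter that __counted_by(num) ties to `hws`. */
struct clk_hw_onecell_data {
    unsigned int num;
    void *hws[];
};

struct loongson2_clk_provider {
    void *base;
    struct clk_hw_onecell_data clk_data;
};

/* The counted_by instrumentation can only check idx < num; 0 on store, -1 if rejected. */
static int store_hw(struct clk_hw_onecell_data *d, size_t idx, void *hw)
{
    if (idx >= d->num)
        return -1;
    d->hws[idx] = hw;
    return 0;
}

/* 1 when that check admits an index past the clks_num allocated slots: the silent
 * overflow described above. Pure, so it is safe to evaluate for any over-count. */
static int check_misses_overflow(unsigned int num, size_t clks_num, size_t idx)
{
    return idx < num && idx >= clks_num;
}

/* Allocate clks_num (>= 1) slots as the driver does, apply the fix (num = clks_num),
 * and confirm the check accepts the last valid slot and rejects hws[clks_num]. */
static int fixed_provider_behaves(size_t clks_num)
{
    static int marker;   /* constructed stand-in for a struct clk_hw */
    /* Same arithmetic as struct_size(clp, clk_data.hws, clks_num) in the kernel. */
    size_t bytes = offsetof(struct loongson2_clk_provider, clk_data)
                 + offsetof(struct clk_hw_onecell_data, hws)
                 + clks_num * sizeof(void *);
    struct loongson2_clk_provider *clp = calloc(1, bytes);
    int ok;
    if (!clp)
        return 0;
    clp->clk_data.num = (unsigned int)clks_num;   /* the fix */
    ok = store_hw(&clp->clk_data, clks_num - 1, &marker) == 0
      && store_hw(&clp->clk_data, clks_num, &marker) == -1;
    free(clp);
    return ok;
}
```

With `num` set larger than `clks_num`, `check_misses_overflow` shows the index `clks_num` passing the only check the instrumentation has, which is exactly the write the advisory warns about.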

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.10 (including) 6.11.11 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.12 (including) 6.12.2 (excluding)