Commit f91b9f3a authored by Hagar Hemdan's avatar Hagar Hemdan Committed by Tong Tiangen
Browse files

efi: libstub: only free priv.runtime_map when allocated 

stable inclusion
from stable-v6.6.33
commit 9dce01f386c9ce6990c0a83fa14b1c95330b037e
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IA7D2K
CVE: CVE-2024-33619

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=9dce01f386c9ce6990c0a83fa14b1c95330b037e



--------------------------------

commit 4b2543f7e1e6b91cfc8dd1696e3cdf01c3ac8974 upstream.

priv.runtime_map is only allocated when efi_novamap is not set.
Otherwise, it is an uninitialized value.  In the error path, it is freed
unconditionally.  Avoid passing an uninitialized value to free_pool.
Free priv.runtime_map only when it was allocated.

This bug was discovered and resolved using Coverity Static Analysis
Security Testing (SAST) by Synopsys, Inc.

Fixes: f80d2604 ("efi: libstub: avoid efi_get_memory_map() for allocating the virt map")
Cc: <stable@vger.kernel.org>
Signed-off-by: default avatarHagar Hemdan <hagarhem@amazon.com>
Signed-off-by: default avatarArd Biesheuvel <ardb@kernel.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarTong Tiangen <tongtiangen@huawei.com>
parent ed2d630b

drivers/firmware/efi/libstub/fdt.c

+2 −2
Original line number Diff line number Diff line
@@ -335,7 +335,7 @@ efi_status_t allocate_new_fdt_and_exit_boot(void *handle, 


fail:

	efi_free(fdt_size, fdt_addr);



	if (!efi_novamap)

		efi_bs_call(free_pool, priv.runtime_map);



	return EFI_LOAD_ERROR;