CVE-2024-53157

In the Linux kernel, the following vulnerability has been resolved:

firmware: arm_scpi: Check the DVFS OPP count returned by the firmware

Fix a kernel crash with the below call trace when the SCPI firmware returns OPP count of zero.

dvfsinfo.oppcount may be zero on some platforms during the reboot test, and the kernel will crash after dereferencing the pointer to kcalloc(info->count, sizeof(*opp), GFP_KERNEL).

| Unable to handle kernel NULL pointer dereference at virtual address 0000000000000028 | Mem abort info: | ESR = 0x96000004 | Exception class = DABT (current EL), IL = 32 bits | SET = 0, FnV = 0 | EA = 0, S1PTW = 0 | Data abort info: | ISV = 0, ISS = 0x00000004 | CM = 0, WnR = 0 | user pgtable: 4k pages, 48-bit VAs, pgdp = 00000000faefa08c | [0000000000000028] pgd=0000000000000000 | Internal error: Oops: 96000004 [#1] SMP | scpi-hwmon: probe of PHYT000D:00 failed with error -110 | Process systemd-udevd (pid: 1701, stack limit = 0x00000000aaede86c) | CPU: 2 PID: 1701 Comm: systemd-udevd Not tainted 4.19.90+ #1 | Hardware name: PHYTIUM LTD Phytium FT2000/4/Phytium FT2000/4, BIOS | pstate: 60000005 (nZCv daif -PAN -UAO) | pc : scpidvfsrecalcrate+0x40/0x58 [clkscpi] | lr : clkregister+0x438/0x720 | Call trace: | scpidvfsrecalcrate+0x40/0x58 [clkscpi] | devmclkhwregister+0x50/0xa0 | scpiclkopsinit.isra.2+0xa0/0x138 [clkscpi] | scpiclocksprobe+0x528/0x70c [clkscpi] | platformdrvprobe+0x58/0xa8 | reallyprobe+0x260/0x3d0 | driverprobedevice+0x12c/0x148 | devicedriverattach+0x74/0x98 | _driverattach+0xb4/0xe8 | busforeachdev+0x88/0xe0 | driverattach+0x30/0x40 | busadddriver+0x178/0x2b0 | driverregister+0x64/0x118 | _platformdriverregister+0x54/0x60 | scpiclocksdriverinit+0x24/0x1000 [clkscpi] | dooneinitcall+0x54/0x220 | doinitmodule+0x54/0x1c8 | loadmodule+0x14a4/0x1668 | _sesysfinitmodule+0xf8/0x110 | _arm64sysfinitmodule+0x24/0x30 | el0svccommon+0x78/0x170 | el0svchandler+0x38/0x78 | el0svc+0x8/0x340 | Code: 937d7c00 a94153f3 a8c27bfd f9400421 (b8606820) | ---[ end trace 06feb22469d89fa8 ]--- | Kernel panic - not syncing: Fatal exception | SMP: stopping secondary CPUs | Kernel Offset: disabled | CPU features: 0x10,a0002008 | Memory Limit: none