2 files changed, 31 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/ofono/ofono/CVE-2024-7546.patch b/meta/recipes-connectivity/ofono/ofono/CVE-2024-7546.patch
new file mode 100644
index 0000000000..aac6751625
--- /dev/null
+++ b/meta/recipes-connectivity/ofono/ofono/CVE-2024-7546.patch
@@ -0,0 +1,30 @@
+From 79ea6677669e50b0bb9c231765adb4f81c375f63 Mon Sep 17 00:00:00 2001
+From: Ivaylo Dimitrov <ivo.g.dimitrov.75@gmail.com>
+Date: Tue, 3 Dec 2024 21:43:52 +0200
+Subject: [PATCH] Fix CVE-2024-7546
+CVE: CVE-2024-7546
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=79ea6677669e50b0bb9c231765adb4f81c375f63]
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ src/stkutil.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+diff --git a/src/stkutil.c b/src/stkutil.c
+index e1fd75c..88a715d 100644
+--- a/src/stkutil.c
+++ b/src/stkutil.c
+@@ -1783,6 +1783,10 @@ static bool parse_dataobj_frame_layout(struct comprehension_tlv_iter *iter,
+        fl->layout = data[0];
+        fl->len = len - 1;
+
+       if (fl->len > sizeof(fl->size))
+               return false;
+
+        memcpy(fl->size, data + 1, fl->len);
+        return true;
+--
+2.40.0
diff --git a/meta/recipes-connectivity/ofono/ofono_1.34.bb b/meta/recipes-connectivity/ofono/ofono_1.34.bb
index 0597caff3c..0c1e0ea6f8 100644
--- a/meta/recipes-connectivity/ofono/ofono_1.34.bb
+++ b/meta/recipes-connectivity/ofono/ofono_1.34.bb
@@ -22,6 +22,7 @@ SRC_URI = "\
    file://CVE-2024-7543.patch \
    file://CVE-2024-7544.patch \
    file://CVE-2024-7545.patch \
+    file://CVE-2024-7546.patch \
 "
 SRC_URI[sha256sum] = "c0b96d3013447ec2bcb74579bef90e4e59c68dbfa4b9c6fbce5d12401a43aac7"

diff --git a/meta/recipes-connectivity/ofono/ofono/CVE-2024-7546.patch b/meta/recipes-connectivity/ofono/ofono/CVE-2024-7546.patch new file mode 100644 index 0000000000..aac6751625 --- /dev/null +++ b/meta/recipes-connectivity/ofono/ofono/CVE-2024-7546.patch
@@ -0,0 +1,30 @@
		1	From 79ea6677669e50b0bb9c231765adb4f81c375f63 Mon Sep 17 00:00:00 2001
		2	From: Ivaylo Dimitrov <ivo.g.dimitrov.75@gmail.com>
		3	Date: Tue, 3 Dec 2024 21:43:52 +0200
		4	Subject: [PATCH] Fix CVE-2024-7546
		5
		6	CVE: CVE-2024-7546
		7	Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=79ea6677669e50b0bb9c231765adb4f81c375f63]
		8
		9	Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
		10	---
		11	src/stkutil.c \| 4 ++++
		12	1 file changed, 4 insertions(+)
		13
		14	diff --git a/src/stkutil.c b/src/stkutil.c
		15	index e1fd75c..88a715d 100644
		16	--- a/src/stkutil.c
		17	+++ b/src/stkutil.c
		18	@@ -1783,6 +1783,10 @@ static bool parse_dataobj_frame_layout(struct comprehension_tlv_iter *iter,
		19
		20	fl->layout = data[0];
		21	fl->len = len - 1;
		22	+
		23	+ if (fl->len > sizeof(fl->size))
		24	+ return false;
		25	+
		26	memcpy(fl->size, data + 1, fl->len);
		27
		28	return true;
		29	--
		30	2.40.0


diff --git a/meta/recipes-connectivity/ofono/ofono_1.34.bb b/meta/recipes-connectivity/ofono/ofono_1.34.bb index 0597caff3c..0c1e0ea6f8 100644 --- a/meta/recipes-connectivity/ofono/ofono_1.34.bb +++ b/meta/recipes-connectivity/ofono/ofono_1.34.bb
@@ -22,6 +22,7 @@ SRC_URI = "\
22	file://CVE-2024-7543.patch \	22	file://CVE-2024-7543.patch \
23	file://CVE-2024-7544.patch \	23	file://CVE-2024-7544.patch \
24	file://CVE-2024-7545.patch \	24	file://CVE-2024-7545.patch \
		25	file://CVE-2024-7546.patch \
25	"	26	"
26	SRC_URI[sha256sum] = "c0b96d3013447ec2bcb74579bef90e4e59c68dbfa4b9c6fbce5d12401a43aac7"	27	SRC_URI[sha256sum] = "c0b96d3013447ec2bcb74579bef90e4e59c68dbfa4b9c6fbce5d12401a43aac7"
27		28