| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <5B8DA87D05A7694D9FA63FD143655C1B1AF073B4@HASMSX106.ger.corp.intel.com> Date: Thu, 7 Nov 2013 12:21:54 +0000 From: "Winkler, Tomas" <tomas.winkler@...el.com> To: Greg KH <gregkh@...uxfoundation.org> CC: "arnd@...db.de" <arnd@...db.de>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org> Subject: RE: [char-misc-next 2/8] mei: hbm: validate client index is not exceeding allocated array size > > > > This somehow should guard buffer overflow allocated of size dev- > >me_clients_num > > In theory this can happen only if something go wrong in hardware > > initialization or there is some other security hole that can change > > client_num. > > What _kind_ of "security hole" could ever change that number? Where > does it come from? Who can modify it? If you don't know that now then > we have worse problems... The allocation of me_clients arrays of mei_clients_num is happening on ME enumeration message, While the filling out the array is looping over get properties message which is bounded by MEI_CLIENTS_MAX, so the overflow is indeed possible, of course only on some faulty HW. We had such errors only on new HW bring ups. Thanks Tomas -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists