| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 25 Apr 2016 12:26:41 +0100
From: Matt Fleming <matt@...eblueprint.co.uk>
To: Ingo Molnar <mingo@...nel.org>,
Thomas Gleixner <tglx@...utronix.de>,
"H . Peter Anvin" <hpa@...or.com>
Cc: Matt Fleming <matt@...eblueprint.co.uk>,
Ard Biesheuvel <ard.biesheuvel@...aro.org>,
linux-kernel@...r.kernel.org, linux-efi@...r.kernel.org,
Chris Wilson <chris@...is-wilson.co.uk>,
Jani Nikula <jani.nikula@...ux.intel.com>,
Jason Andryuk <jandryuk@...il.com>,
Laszlo Ersek <lersek@...hat.com>,
Matthew Garrett <mjg59@...eos.com>,
Peter Jones <pjones@...hat.com>
Subject: [GIT PULL] EFI urgent fix
Folks, please pull the following fix from Laszlo that ensures we don't
perform an out-of-bounds access when matching EFI variable names
against the variable protection whitelist.
The following changes since commit c3b46c73264b03000d1e18b22f5caf63332547c9:
Linux 4.6-rc4 (2016-04-17 19:13:32 -0700)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/mfleming/efi.git tags/efi-urgent
for you to fetch changes up to 630ba0cc7a6dbafbdee43795617c872b35cde1b4:
efi: Fix out-of-bounds read in variable_matches() (2016-04-22 19:41:41 +0100)
----------------------------------------------------------------
* Avoid out-of-bounds access in the efivars code when performing
string matching on converted EFI variable names - Laszlo Ersek
----------------------------------------------------------------
Laszlo Ersek (1):
efi: Fix out-of-bounds read in variable_matches()
drivers/firmware/efi/vars.c | 37 ++++++++++++++++++++++++++-----------
1 file changed, 26 insertions(+), 11 deletions(-)
Powered by blists - more mailing lists