| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 9 Jun 2018 11:51:46 +0200
From: Samuel Ortiz <sameo@...ux.intel.com>
To: Amit Pundir <amit.pundir@...aro.org>
Cc: lkml <linux-kernel@...r.kernel.org>,
linux-wireless@...r.kernel.org,
Suren Baghdasaryan <surenb@...gle.com>,
Christophe Ricard <christophe.ricard@...il.com>,
Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
Greg KH <gregkh@...uxfoundation.org>,
John Stultz <john.stultz@...aro.org>,
Dmitry Shmidt <dimitrysh@...gle.com>,
Todd Kjos <tkjos@...gle.com>,
Android Kernel Team <kernel-team@...roid.com>,
Stable <stable@...r.kernel.org>
Subject: Re: [PATCH v3 1/4] NFC: st21nfca: Fix out of bounds kernel access
when handling ATR_REQ
Hi Amit,
On Fri, May 04, 2018 at 12:08:53AM +0530, Amit Pundir wrote:
> From: Suren Baghdasaryan <surenb@...gle.com>
>
> Out of bounds kernel accesses in st21nfca's NFC HCI layer
> might happen when handling ATR_REQ events if user-specified
> atr_req->length is bigger than the buffer size. In
> that case memcpy() inside st21nfca_tm_send_atr_res() will
> read extra bytes resulting in OOB read from the kernel heap.
>
> cc: Stable <stable@...r.kernel.org>
> Signed-off-by: Suren Baghdasaryan <surenb@...gle.com>
> Signed-off-by: Amit Pundir <amit.pundir@...aro.org>
> Reviewed-by: Andy Shevchenko <andriy.shevchenko@...ux.intel.com>
> ---
> v3..v1:
> Resend. No changes.
>
> drivers/nfc/st21nfca/dep.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
All 4 patches applied to nfc-next, thanks.
Cheers,
Samuel.
Powered by blists - more mailing lists