| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1532096412.21552.35.camel@codethink.co.uk>
Date: Fri, 20 Jul 2018 15:20:12 +0100
From: Ben Hutchings <ben.hutchings@...ethink.co.uk>
To: Dan Carpenter <dan.carpenter@...cle.com>, Tejun Heo <tj@...nel.org>
Cc: stable@...r.kernel.org,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH 4.4 022/105] libata: zpodd: small read overflow in
eject_tray()
On Sun, 2018-07-01 at 18:01 +0200, Greg Kroah-Hartman wrote:
> 4.4-stable review patch. If anyone has any objections, please let me know.
>
> ------------------
>
> From: Dan Carpenter <dan.carpenter@...cle.com>
>
> commit 18c9a99bce2a57dfd7e881658703b5d7469cc7b9 upstream.
>
> We read from the cdb[] buffer in ata_exec_internal_sg(). It has to be
> ATAPI_CDB_LEN (16) bytes long, but this buffer is only 12 bytes.
zpodd_get_mech_type() appears to have the same problem.
Ben.
> Fixes: 213342053db5 ("libata: handle power transition of ODD")
> Signed-off-by: Dan Carpenter <dan.carpenter@...cle.com>
> Signed-off-by: Tejun Heo <tj@...nel.org>
> Cc: stable@...r.kernel.org
> Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
[...]
--
Ben Hutchings, Software Developer Codethink Ltd
https://www.codethink.co.uk/ Dale House, 35 Dale Street
Manchester, M1 2HF, United Kingdom
Powered by blists - more mailing lists