Message-ID: <20200901211626.GA17861@duo.ucw.cz>
Date:   Tue, 1 Sep 2020 23:16:26 +0200
From:   Pavel Machek <pavel@...x.de>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:     Sean Young <sean@...s.org>, linux-kernel@...r.kernel.org,
        stable@...r.kernel.org, Jia-Ju Bai <baijiaju@...nghua.edu.cn>,
        Mauro Carvalho Chehab <mchehab+huawei@...nel.org>,
        Sasha Levin <sashal@...nel.org>
Subject: Re: [PATCH 4.19 016/125] media: pci: ttpci: av7110: fix possible
 buffer overflow caused by bad DMA value in debiirq()

On Tue 2020-09-01 18:35:23, Greg Kroah-Hartman wrote:
> On Tue, Sep 01, 2020 at 05:25:12PM +0100, Sean Young wrote:
> > Greg,
> > 
> > On Tue, Sep 01, 2020 at 05:09:31PM +0200, Greg Kroah-Hartman wrote:
> > > From: Jia-Ju Bai <baijiaju@...nghua.edu.cn>
> > > 
> > > [ Upstream commit 6499a0db9b0f1e903d52f8244eacc1d4be00eea2 ]
> > > 
> > > The value av7110->debi_virt is stored in DMA memory, and it is assigned
> > > to data, and thus data[0] can be modified at any time by malicious
> > > hardware. In this case, "if (data[0] < 2)" can be passed, but then
> > > data[0] can be changed into a large number, which may cause buffer
> > > overflow when the code "av7110->ci_slot[data[0]]" is used.
> > > 
> > > To fix this possible bug, data[0] is assigned to a local variable, which
> > > replaces the use of data[0].
> > 
> > See the discussion here:
> > 
> > https://lkml.org/lkml/2020/8/31/479
> > 
> > It does not seem worthwhile merging to the stable trees.
> 
> It doesn't hurt either :)

Update stable kernel rules.

If "patch does not match description and is pretty obviously useless"
but "does not hurt" is acceptable for stable tree, people should know.

You are pushing known junk into stable. Stop that.
									Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
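
The pattern the quoted commit message describes, a bounds check on `data[0]` followed by a second read of the same DMA-backed byte, shown as an added example that is not part of this thread or of the av7110 driver. The function names, the `device_write_fn` hook standing in for a device write, and the value 200 are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define CI_SLOTS 2 /* the quoted check is "data[0] < 2" */

/* Hypothetical hook: stands in for the device rewriting DMA memory
 * between two CPU reads. Real hardware needs no such call. */
typedef void (*device_write_fn)(volatile uint8_t *dma);

static void device_sets_200(volatile uint8_t *dma) { dma[0] = 200; }

/* Check and use each read the shared byte. Returns the index that would
 * reach ci_slot[], or -1 if the check rejects it. */
int slot_double_fetch(volatile uint8_t *data, device_write_fn dev)
{
    if (data[0] < CI_SLOTS) {   /* fetch 1: bounds check */
        if (dev)
            dev(data);          /* device changes the value here */
        return data[0];         /* fetch 2: unchecked value is used */
    }
    return -1;
}

/* One read into a local; check and use see the same value. */
int slot_single_fetch(volatile uint8_t *data, device_write_fn dev)
{
    uint8_t slot = data[0];     /* the only read of shared memory */

    if (slot < CI_SLOTS) {
        if (dev)
            dev(data);          /* later device writes cannot affect slot */
        return slot;
    }
    return -1;
}

int main(void)
{
    uint8_t dma[1] = { 1 };     /* constructed sample buffer */

    printf("double fetch index: %d\n", slot_double_fetch(dma, device_sets_200));
    dma[0] = 1;
    printf("single fetch index: %d\n", slot_single_fetch(dma, device_sets_200));
    return 0;
}
```

The `volatile` qualifier makes every `data[0]` a real load in this sketch; in kernel code a single read of shared memory is normally written with `READ_ONCE()`.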
