lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <YTIpXrJmJTasAGJU@kroah.com>
Date:   Fri, 3 Sep 2021 15:55:42 +0200
From:   Greg KH <gregkh@...uxfoundation.org>
To:     Dongliang Mu <mudongliangabcd@...il.com>
Cc:     stable@...r.kernel.org,
        Bartlomiej Zolnierkiewicz <b.zolnierkie@...sung.com>,
        George Kennedy <george.kennedy@...cle.com>,
        syzbot+e5fd3e65515b48c02a30@...kaller.appspotmail.com,
        Dan Carpenter <dan.carpenter@...cle.com>,
        Dhaval Giani <dhaval.giani@...cle.com>,
        Sasha Levin <sashal@...nel.org>,
        dri-devel@...ts.freedesktop.org, linux-fbdev@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH 4.19] fbmem: add margin check to fb_check_caps()

On Thu, Sep 02, 2021 at 02:10:48PM +0800, Dongliang Mu wrote:
> [ Upstream commit a49145acfb975d921464b84fe00279f99827d816 ]
> 
> A fb_ioctl() FBIOPUT_VSCREENINFO call with invalid xres setting
> or yres setting in struct fb_var_screeninfo will result in a
> KASAN: vmalloc-out-of-bounds failure in bitfill_aligned() as
> the margins are being cleared. The margins are cleared in
> chunks and if the xres setting or yres setting is a value of
> zero upto the chunk size, the failure will occur.
> 
> Add a margin check to validate xres and yres settings.
> 
> Note that, this patch needs special handling to backport it to linux
> kernel 4.19, 4.14, 4.9, 4.4.

Looks like this is already in the 4.4.283, 4.9.282, 4.14.246, and
4.19.206 kernel releases.  Can you check them to verify that it matches
your backport as well?

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ