| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <YcnePfF1OOqoQwrX@zn.tnic>
Date: Mon, 27 Dec 2021 16:39:41 +0100
From: Borislav Petkov <bp@...en8.de>
To: 张子勋(Zhang Zixun) <zhangzixun1@...o.com>
Cc: "tony.luck@...el.com" <tony.luck@...el.com>,
"linux-edac@...r.kernel.org" <linux-edac@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: A stack overflow found in flags_write()
On Mon, Dec 27, 2021 at 11:59:37AM +0000, 张子勋(Zhang Zixun) wrote:
> Hi,
> I find a problem in flags_write() in arch/x86/kernel/cpu/mce/inject.c. There is a parameter cnt in this function and it used in compute write size by "buf[cnt - 1] = 0". If cnt == 0, buf[cnt - 1] will change buf[-1] and occur overflow. This problem can be fixed by patch I provided.
>
> Thanks
> ________________________________
> OPPO
>
> 本电子邮件及其附件含有OPPO公司的保密信息,仅限于邮件指明的收件人使用(包含个人及群组)。禁止任何人在未经授权的情况下以任何形式使用。如果您错收了本邮件,请立即以电子邮件通知发件人并删除本邮件及其附件。
>
> This e-mail and its attachments contain confidential information from OPPO, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient(s) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it!
Deleted.
If you want me to read your mail, you'll have to get rid of that footer.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
Powered by blists - more mailing lists