lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20221207075236.23171-1-svens@linux.ibm.com>
Date:   Wed,  7 Dec 2022 08:52:35 +0100
From:   Sven Schnelle <svens@...ux.ibm.com>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Jiri Slaby <jirislaby@...nel.org>
Cc:     Christian Borntraeger <borntraeger@...ibm.com>,
        linux-kernel@...r.kernel.org, linux-s390@...r.kernel.org
Subject: [PATCH 0/1] crash in tty layer when specifying invalid console=ttyX

Hi,

we had a user specifying 'console=tty3270' assuming that this will use the
tty3270 driver from s390 as console device. However, it will try to open
tty number 3270 as tty which is not what the user expected. That alone
isn't really a problem, but the kernel crashes while dereferencing invalid
memory with this option.

I tested this with qemu on x86, and it crashes in the same way. I never
worked in the tty layer, but it looks to me like there's some out-of-bound
checking missing in tty_driver_lookup_tty(). If this fix is wrong or
there's a better place to do that, let me know.

Sven Schnelle (1):
  tty: fix out-of-bounds access in tty_driver_lookup_tty()

 drivers/tty/tty_io.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ