| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 7 Dec 2022 17:23:12 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: Aleksandr Burakov <a.burakov@...alinux.ru>
Cc: Frank Haverkamp <haver@...ux.ibm.com>,
Arnd Bergmann <arnd@...db.de>, linux-kernel@...r.kernel.org,
lvc-project@...uxtesting.org
Subject: Re: [PATCH 2/2] misc: genwqe: card_dev: Array index overflow fix in
ddcb_cmd_fixups()
On Wed, Dec 07, 2022 at 05:18:08PM +0300, Aleksandr Burakov wrote:
> &cmd->asiv of size 96 can overflow because its index (asiv_offs + 8)
> can be equal to 96 (0x58 + 0x08) that is out of range.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Signed-off-by: Aleksandr Burakov <a.burakov@...alinux.ru>
> Fixes: eaf4722d4645 ("GenWQE Character device and DDCB queue")
> ---
> drivers/misc/genwqe/card_dev.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/misc/genwqe/card_dev.c b/drivers/misc/genwqe/card_dev.c
> index 55fc5b80e649..d58ce2622307 100644
> --- a/drivers/misc/genwqe/card_dev.c
> +++ b/drivers/misc/genwqe/card_dev.c
> @@ -867,7 +867,7 @@ static int ddcb_cmd_fixups(struct genwqe_file *cfile, struct ddcb_requ *req)
> struct genwqe_ddcb_cmd *cmd = &req->cmd;
> struct dma_mapping *m;
>
> - for (i = 0, asiv_offs = 0x00; asiv_offs <= 0x58;
> + for (i = 0, asiv_offs = 0x00; asiv_offs < 0x58;
> i++, asiv_offs += 0x08) {
>
> u64 u_addr;
> --
> 2.25.1
>
Where is patch 1/2 of this series?
Powered by blists - more mailing lists