| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <167971021766.17146.5805572858718496946.git-patchwork-notify@kernel.org>
Date: Sat, 25 Mar 2023 02:10:17 +0000
From: patchwork-bot+netdevbpf@...nel.org
To: Ahmad Fatoum <a.fatoum@...gutronix.de>
Cc: linus.walleij@...aro.org, alsi@...g-olufsen.dk, andrew@...n.ch,
f.fainelli@...il.com, olteanv@...il.com, luizluca@...il.com,
davem@...emloft.net, kernel@...gutronix.de, edumazet@...gle.com,
kuba@...nel.org, pabeni@...hat.com, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH net v2] net: dsa: realtek: fix out-of-bounds access
Hello:
This patch was applied to netdev/net.git (main)
by Jakub Kicinski <kuba@...nel.org>:
On Thu, 23 Mar 2023 11:37:35 +0100 you wrote:
> The probe function sets priv->chip_data to (void *)priv + sizeof(*priv)
> with the expectation that priv has enough trailing space.
>
> However, only realtek-smi actually allocated this chip_data space.
> Do likewise in realtek-mdio to fix out-of-bounds accesses.
>
> These accesses likely went unnoticed so far, because of an (unused)
> buf[4096] member in struct realtek_priv, which caused kmalloc to
> round up the allocated buffer to a big enough size, so nothing of
> value was overwritten. With a different allocator (like in the barebox
> bootloader port of the driver) or with KASAN, the memory corruption
> becomes quickly apparent.
>
> [...]
Here is the summary with links:
- [net,v2] net: dsa: realtek: fix out-of-bounds access
https://git.kernel.org/netdev/net/c/b93eb5648693
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
Powered by blists - more mailing lists