| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 2 Nov 2023 18:26:22 +0100
From: Christian Marangi <ansuelsmth@...il.com>
To: "Rafael J. Wysocki" <rafael@...nel.org>,
Viresh Kumar <viresh.kumar@...aro.org>,
MyungJoo Ham <myungjoo.ham@...sung.com>,
Kyungmin Park <kyungmin.park@...sung.com>,
Chanwoo Choi <cw00.choi@...sung.com>,
Takashi Iwai <tiwai@...e.de>,
Jonghwa Lee <jonghwa3.lee@...sung.com>,
linux-kernel@...r.kernel.org, linux-pm@...r.kernel.org
Cc: stable@...r.kernel.org
Subject: Re: [PATCH 2/3] PM / devfreq: Fix buffer overflow in trans_stat_show
On Tue, Oct 24, 2023 at 08:30:15PM +0200, Christian Marangi wrote:
> Fix buffer overflow in trans_stat_show().
>
> Convert simple snprintf to the more secure scnprintf with size of
> PAGE_SIZE.
>
> Add condition checking if we are exceeding PAGE_SIZE and exit early from
> loop. Also add at the end a warning that we exceeded PAGE_SIZE and that
> stats is disabled.
>
> Return -EFBIG in the case where we don't have enough space to write the
> full transition table.
>
> Also document in the ABI that this function can return -EFBIG error.
>
> Cc: stable@...r.kernel.org
> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218041
> Fixes: e552bbaf5b98 ("PM / devfreq: Add sysfs node for representing frequency transition information.")
> Signed-off-by: Christian Marangi <ansuelsmth@...il.com>
Any news for this?
--
Ansuel
Powered by blists - more mailing lists