| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <3fe4c327-b69b-464e-8e4e-005fa1813279@wanadoo.fr> Date: Mon, 19 Feb 2024 18:59:02 +0100 From: Christophe JAILLET <christophe.jaillet@...adoo.fr> To: Dan Carpenter <dan.carpenter@...aro.org> Cc: gustavo@...eddedor.com, keescook@...omium.org, Gerd Hoffmann <kraxel@...hat.com>, Sumit Semwal <sumit.semwal@...aro.org>, Christian König <christian.koenig@....com>, Daniel Vetter <daniel.vetter@...ll.ch>, linux-kernel@...r.kernel.org, kernel-janitors@...r.kernel.org, dri-devel@...ts.freedesktop.org, linux-media@...r.kernel.org, linaro-mm-sig@...ts.linaro.org Subject: Re: [PATCH v2] udmabuf: Fix a potential (and unlikely) access to unallocated memory Le 19/02/2024 à 09:37, Dan Carpenter a écrit : > On Sun, Feb 18, 2024 at 06:46:44PM +0100, Christophe JAILLET wrote: >> If 'list_limit' is set to a very high value, 'lsize' computation could >> overflow if 'head.count' is big enough. >> > > The "list_limit" is set via module parameter so if you set that high > enough to lead to an integer overflow then you kind of deserve what > you get. > > This patch is nice for kernel hardening and making the code easier to > read/audit but the real world security impact is negligible. Agreed. That is what I meant by "and unlikely". Maybe the commit message could be more explicit if needed. Let me know if ok as-is or if I should try to re-word the description. CJ > > regards, > dan carpenter > > >
Powered by blists - more mailing lists