| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <646143dcb1fc2abe8b53172bb8ac24fe54246dda.camel@HansenPartnership.com> Date: Thu, 07 Nov 2024 09:32:52 -0500 From: James Bottomley <James.Bottomley@...senPartnership.com> To: Qiu-ji Chen <chenqiuji666@...il.com>, linuxdrivers@...otech.com, martin.petersen@...cle.com Cc: linux-scsi@...r.kernel.org, linux-kernel@...r.kernel.org, baijiaju1990@...il.com, stable@...r.kernel.org Subject: Re: [PATCH v2] [SCSI] esas2r: fix possible array out-of-bounds caused by bad DMA value in esas2r_process_vda_ioctl() On Thu, 2024-11-07 at 22:16 +0800, Qiu-ji Chen wrote: > In line 1854 of the file esas2r_ioctl.c, the function > esas2r_process_vda_ioctl() is called with the parameter vi being > assigned the value of a->vda_buffer. On line 1892, a->vda_buffer is > stored in DMA memory with the statement a->vda_buffer = > dma_alloc_coherent(&a->pcid->dev, ..., indicating that the > parameter vi passed to the function is also stored in DMA memory. > This suggests that the parameter vi could be altered at any time by > malicious hardware. Absent a specific threat (such as TPM with an interposer) this isn't a vector the kernel protects against (we have to believe what hardware says unless we know it to be specifically buggy about something). However, even supposing a PCI Interposer were considered a threat, the answer now is hardware based: SPDM/PCI-IDE. Regards, James
Powered by blists - more mailing lists