Message-ID: <0af1c796-aa08-4284-ae6b-470fa75799b5@huawei.com>
Date: Thu, 6 Mar 2025 21:41:41 +0800
From: "zhangjianhua (E)" <chris.zjh@...wei.com>
To: Greg KH <gregkh@...uxfoundation.org>
CC: <cve@...nel.org>, <linux-cve-announce@...r.kernel.org>,
	<linux-kernel@...r.kernel.org>, "youbowen (A)" <youbowen2@...wei.com>
Subject: Re: CVE-2022-49623: powerpc/xive/spapr: correct bitmap allocation
 size

Hi Greg,

The commit message of this patch shows that an out-of-bounds access of
xibm->bitmap occurs; the reason is that the allocated object can be
smaller than sizeof(long) when bits is small.

However, it is incorrect. The kzalloc interface allocates memory in
units of bytes, while bitmap_zalloc does so based on the number of bits
after rounding up; the space allocated by kzalloc is not less than that
allocated by bitmap_zalloc. Therefore, replacing kzalloc with
bitmap_zalloc does not solve the problem. In fact, the problem of
out-of-bounds access does not exist. For instance, if xibm->count is 3,
kzalloc and bitmap_zalloc both return 8 bytes, which is enough for the
whole bitmap. Although using kzalloc wastes some memory, it does not
create any real problems.

Maybe this CVE should be rejected?


Jianhua Zhang

Best regards.
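
Added example, not part of the message or of the kernel patch: the size arithmetic under discussion, assuming the replaced call passed xibm->count to kzalloc as a byte count and that long is 8 bytes. The kmalloc size classes in kmalloc_bucket() are a simplified model and the counts are constructed; the table separates the size that was requested from the size of the slab object that backs it.

```c
#include <stdio.h>
#include <stddef.h>

#define WORD_BYTES 8u                 /* assumed: sizeof(long), 64-bit powerpc */
#define WORD_BITS  (WORD_BYTES * 8u)

/* Bytes a bitmap of nbits occupies when handled in whole words
 * (BITS_TO_LONGS(nbits) * sizeof(long) in kernel terms). */
static size_t bitmap_bytes(unsigned int nbits)
{
    return (size_t)((nbits + WORD_BITS - 1) / WORD_BITS) * WORD_BYTES;
}

/* Simplified model of kmalloc size classes (assumption): 8-byte minimum,
 * powers of two, plus the 96- and 192-byte caches. */
static size_t kmalloc_bucket(size_t req)
{
    static const size_t classes[] = { 8, 16, 32, 64, 96, 128, 192, 256 };
    for (size_t i = 0; i < sizeof(classes) / sizeof(classes[0]); i++)
        if (req <= classes[i])
            return classes[i];
    size_t sz = 512;
    while (sz < req)
        sz <<= 1;
    return sz;
}

/* 1 if `bytes` of storage cover every word that bitmap operations on
 * `nbits` bits will touch, 0 otherwise. */
static int covers(size_t bytes, unsigned int nbits)
{
    return bytes >= bitmap_bytes(nbits);
}

int main(void)
{
    static const unsigned int counts[] = { 1, 3, 7, 8, 64, 65 }; /* constructed */
    puts("count  requested  bucket  bitmap_bytes  req_ok  bucket_ok");
    for (size_t i = 0; i < sizeof(counts) / sizeof(counts[0]); i++) {
        unsigned int c = counts[i];
        printf("%5u  %9u  %6zu  %12zu  %6d  %9d\n", c, c, kmalloc_bucket(c),
               bitmap_bytes(c), covers(c, c), covers(kmalloc_bucket(c), c));
    }
    return 0;
}
```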

