| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Z_3_yrvxHBwY6LBn@smile.fi.intel.com> Date: Tue, 15 Apr 2025 09:42:18 +0300 From: Andy Shevchenko <andriy.shevchenko@...ux.intel.com> To: Zijun Hu <zijun_hu@...oud.com> Cc: Daniel Scally <djrscally@...il.com>, Heikki Krogerus <heikki.krogerus@...ux.intel.com>, Sakari Ailus <sakari.ailus@...ux.intel.com>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, "Rafael J. Wysocki" <rafael@...nel.org>, Danilo Krummrich <dakr@...nel.org>, linux-acpi@...r.kernel.org, linux-kernel@...r.kernel.org, Zijun Hu <quic_zijuhu@...cinc.com> Subject: Re: [PATCH 2/2] software node: Correct a OOB check in software_node_get_reference_args() On Mon, Apr 14, 2025 at 07:12:27PM +0800, Zijun Hu wrote: > On 2025/4/14 16:08, Andy Shevchenko wrote: > > On Thu, Apr 10, 2025 at 09:12:12PM +0800, Zijun Hu wrote: > >> From: Zijun Hu <quic_zijuhu@...cinc.com> > >> > >> software_node_get_reference_args() wants to get @index-th element, so > >> the property value requires at least '(index + 1) * sizeof(*ref)' bytes. > >> > >> Correct the check to avoid OOB access. > > Any real traceback? > > no, find this issue during reading code. Please, mention this in the commit message. -- With Best Regards, Andy Shevchenko
Powered by blists - more mailing lists