| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CY8PR11MB71349230AB9CF3347D333AC48948A@CY8PR11MB7134.namprd11.prod.outlook.com> Date: Thu, 10 Jul 2025 11:38:59 +0000 From: "Zhuo, Qiuxu" <qiuxu.zhuo@...el.com> To: Wang Haoran <haoranwangsec@...il.com>, "Luck, Tony" <tony.luck@...el.com>, "bp@...en8.de" <bp@...en8.de> CC: "linux-edac@...r.kernel.org" <linux-edac@...r.kernel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org> Subject: RE: We found a bug in skx_common.c for the latest linux Hi Haoran, > From: Wang Haoran <haoranwangsec@...il.com> > [...] > Subject: We found a bug in skx_common.c for the latest linux > > Hi, my name is Wang Haoran. We found a bug in the skx_mce_output_error > function located in drivers/edac/skx_common.c in the latest Linux kernel > (version 6.15.5). > The issue arises from the use of snprintf to write into the buffer skx_msg, > which is allocated with size MSG_SIZE.The function formats multiple strings > into skx_msg, including the dynamically generated adxl_msg, which is also > allocated with MSG_SIZE. When combined with the format string "%s%s > err_code:0x%04x:0x%04x %s", the total output length may exceed MSG_SIZE. > As a result, the return value of snprintf may be greater than the actual buffer > size, which can lead to truncation issues or cause the > skx_show_retry_rd_err_log() function to fail unexpectedly. Do you have a dmesg log for the *issue* you described here? Thanks -Qiuxu
Powered by blists - more mailing lists