| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <6r6vbagr23kf5qyfmnmy7hkdljvu73sgakalqmbmdodf5rf4e2@fld6reoqfz5p> Date: Tue, 15 Jul 2025 23:58:49 +0200 From: Andi Shyti <andi.shyti@...nel.org> To: Wolfram Sang <wsa+renesas@...g-engineering.com> Cc: Alex Guo <alexguo1023@...il.com>, conor.dooley@...rochip.com, daire.mcnamara@...rochip.com, linux-riscv@...ts.infradead.org, linux-i2c@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] i2c: busses: Fix out-of-bounds bug in mchp_corei2c_smbus_xfer Hi Wolfram, On Sat, Jun 28, 2025 at 10:09:48PM +0200, Wolfram Sang wrote: > On Sun, Jun 15, 2025 at 07:49:19PM -0400, Alex Guo wrote: > > The data->block[0] variable comes from user. Without proper check, > > the variable may be very large to cause an out-of-bounds bug. > > Okay, okay, instead of adding these limits to all these drivers, let me > start adding SMBus3 support to the kernel which allows for bigger block > sizes. I probably won't have time to export this to user space yet, but > let's at least make sure the kernel, and thus the drivers, won't suffer > from buffer overflows anymore. in the meantime, what should i do with all these patches? They are not wrong and I agree that we need to work on the i2c core. Besides having something like this might help all those drivers using i2c by removing the need for their own specific i2c_read/write methods. Some times ago I started working on this and I have it still laying around in one of my branches. If you haven'd done much progress, i can bring it to life. Andi
Powered by blists - more mailing lists