| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4670491.LvFx2qVVIh@ripper>
Date: Mon, 04 Aug 2025 10:18:53 +0200
From: Sven Eckelmann <sven@...fation.org>
To: chris.packham@...iedtelesis.co.nz, Alex Guo <alexguo1023@...il.com>
Cc: alexguo1023@...il.com, andi.shyti@...nel.org, linux-i2c@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject:
Re: [PATCH] i2c: rtl9300: Fix out-of-bounds bug in rtl9300_i2c_smbus_xfer
On Monday, 16 June 2025 01:52:48 CEST Alex Guo wrote:
> The data->block[0] variable comes from user. Without proper check,
> the variable may be very large to cause an out-of-bounds bug.
>
> Fix this bug by checking the value of data->block[0] first.
>
> Similar commit:
> 1. commit 39244cc7548 ("i2c: ismt: Fix an out-of-bounds bug in
> ismt_access()")
> 2. commit 92fbb6d1296 ("i2c: xgene-slimpro: Fix out-of-bounds
> bug in xgene_slimpro_i2c_xfer()")
[...]
Please correct me but it looks like this fix was not yet applied to the tree.
But Chris Packham pointed out that this conflicts with my fixes for SMBUS/
SMBUS_I2C.
I would like to add my patchset on top of this (to avoid problems with stable
submission) and add the Fixes: and Cc: stable@...r.kernel.org.
I hope it is ok for you when I would pick this up. I would resubmit the fixes
patchset this evening (GMT+2).
You can preview it at
https://git.open-mesh.org/linux-merge.git/log/?h=b4/i2c-rtl9300-multi-byte
Kind regards,
Sven
Download attachment "signature.asc" of type "application/pgp-signature" (229 bytes)
Powered by blists - more mailing lists