| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250911090241.357151-1-i.abramov@mt-integration.ru>
Date: Thu, 11 Sep 2025 12:02:37 +0300
From: Ivan Abramov <i.abramov@...integration.ru>
To: Ard Biesheuvel <ardb@...nel.org>
CC: Ivan Abramov <i.abramov@...integration.ru>, Ingo Molnar
<mingo@...nel.org>, <linux-efi@...r.kernel.org>,
<linux-kernel@...r.kernel.org>, <lvc-project@...uxtesting.org>
Subject: [PATCH 1/1] efi: capsule-loader: Use proper type when allocating cap_info->phys
When allocating memory for cap_info->phys in __efi_capsule_setup_info(),
sizeof(phys_addr_t *) is used instead of sizeof(phys_addr_t), which may
differ in some cases.
It's a similar issue to CVE-2024-27413.
Thus, use the correct type.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: f24c4d478013 ("efi/capsule-loader: Reinstate virtual capsule mapping")
Signed-off-by: Ivan Abramov <i.abramov@...integration.ru>
---
drivers/firmware/efi/capsule-loader.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/firmware/efi/capsule-loader.c b/drivers/firmware/efi/capsule-loader.c
index 0c17bdd388e1..bbddeb6a0955 100644
--- a/drivers/firmware/efi/capsule-loader.c
+++ b/drivers/firmware/efi/capsule-loader.c
@@ -67,7 +67,7 @@ int __efi_capsule_setup_info(struct capsule_info *cap_info)
cap_info->pages = temp_page;
temp_page = krealloc(cap_info->phys,
- pages_needed * sizeof(phys_addr_t *),
+ pages_needed * sizeof(phys_addr_t),
GFP_KERNEL | __GFP_ZERO);
if (!temp_page)
return -ENOMEM;
--
2.39.5
Powered by blists - more mailing lists