| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <391ee227-54e2-475c-9811-710fa22687ef@gmail.com>
Date: Fri, 26 Sep 2025 15:17:02 +0100
From: "Colin King (gmail)" <colin.i.king@...il.com>
To: Wensheng Wang <wenswang@...h.net>, Guenter Roeck <linux@...ck-us.net>,
Noah Wang <wenswang@...h.net>, linux-hwmon@...r.kernel.org
Cc: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: re: hwmon: add MP2925 and MP2929 driver
Hi,
Static analysis on linux-next has found an issue in function
mp2925_write_word_data with the following commit:
commit b3a4efc88601cb5fc97b4ae23c478700a60302da
Author: Wensheng Wang <wenswang@...h.net>
Date: Thu Sep 18 16:06:03 2025 +0800
hwmon: add MP2925 and MP2929 driver
The issue is as follows:
case PMBUS_VOUT_OV_FAULT_LIMIT:
case PMBUS_VOUT_UV_FAULT_LIMIT:
ret = pmbus_write_word_data(client, page, reg,
(ret & ~GENMASK(11, 0)) |
FIELD_PREP(GENMASK(11, 0),
DIV_ROUND_CLOSEST(word *
MP2925_VOUT_OVUV_DIV,
MP2925_VOUT_OVUV_UINT)));
break;
The call to pmbus_write_word_data() is accessing variable ret via the
mask ~GENMASK(11, 0) however at this point ret has not been initialized
so it contains a garbage value.
Colin
Download attachment "OpenPGP_0x68C287DFC6A80226.asc" of type "application/pgp-keys" (4825 bytes)
Download attachment "OpenPGP_signature.asc" of type "application/pgp-signature" (841 bytes)
Powered by blists - more mailing lists