| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <19e13479-861a-479c-8f5e-b9db229bfe38@nvidia.com> Date: Thu, 16 Oct 2025 18:39:29 +0300 From: Moshe Shemesh <moshe@...dia.com> To: Breno Leitao <leitao@...ian.org> CC: <saeedm@...dia.com>, <itayavr@...dia.com>, <netdev@...r.kernel.org>, <linux-kernel@...r.kernel.org>, <dcostantino@...a.com>, <kuba@...nel.org> Subject: Re: mlx5: CX7: fw_tracer: crash at mlx5_tracer_print_trace() On 10/15/2025 3:26 PM, Breno Leitao wrote: > > Hello Moshe, > > On Wed, Oct 15, 2025 at 12:13:29PM +0300, Moshe Shemesh wrote: >> On 10/9/2025 3:42 PM, Breno Leitao wrote: >>> >>> My understanding that we are printf %s with params[0], which is 557514328 (aka >>> 0x213afe58). So, sprintf is trying to access the content of 0x213afe58, which >>> is invalid, and crash. >>> >>> Is this a known issue? >> >> Not a known issue, not expected, thanks for reporting. >> We will send patch to protect from such crash. > > Thanks. how do you plan to protect it? I understand that the string is > coming from the firmware and the kernel is just using it in snprintf. Is > it right? Yes, but FW should not use %s. Driver can check it. > >> Please send FW version it was detected on. > > `ethtool -i` outputs: > firmware-version: 28.44.2506 (FB_0000000030) Thanks. > > Thanks for your answer, > --breno
Powered by blists - more mailing lists