| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aSDBRdt84f2O0Anp@horms.kernel.org>
Date: Fri, 21 Nov 2025 19:45:09 +0000
From: Simon Horman <horms@...nel.org>
To: flynnnchen(陈天楚) <flynnnchen@...cent.com>
Cc: krzk <krzk@...nel.org>, netdev <netdev@...r.kernel.org>,
linux-kernel <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] nfc: port100: guard against incomplete USB frames
On Mon, Nov 17, 2025 at 12:22:15PM +0800, flynnnchen(陈天楚) wrote:
> Discovered by Atuin - Automated Vulnerability Discovery Engine.
>
> Validate that the URB payload is long enough for the frame header and the
> advertised data length before accessing it, so truncated transfers are
> rejected with -EIO, preventing the driver from reading out-of-bounds and
> leaking kernel memory to USB devices.
>
> Signed-off-by: Tianchu Chen <flynnnchen@...cent.com>
Thanks,
FWIIW, I agree with your analysis and solution.
I would add a fixes tag, as it is a fix for code present in the
net tree.
Perhaps this one: this seems to be the commit where the problem
was introduced.
Fixes: 0347a6ab300a ("NFC: port100: Commands mechanism implementation")
And it would be best to explicitly target such a fix at the net
tree, like this:
Subject: [PATCH net] ...
On a process note, as the from address of your email doesn't match
the Signed-off-by line, I think it would be best to include a From:
line at the very beginning of the commit message, with your name
matching the Signed-off-by line.
i.e.
From: Tianchu Chen <flynnnchen@...cent.com>
But over all this looks good to me.
Reviewed-by: Simon Horman <horms@...nel.org>
Powered by blists - more mailing lists