lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <aTGyLlHM2qv8KEDE@kbusch-mbp>
Date: Thu, 4 Dec 2025 09:09:18 -0700
From: Keith Busch <kbusch@...nel.org>
To: Eugene Korenevsky <ekorenevsky@...yun.com>
Cc: Jens Axboe <axboe@...nel.dk>, Christoph Hellwig <hch@....de>,
	Sagi Grimberg <sagi@...mberg.me>, linux-nvme@...ts.infradead.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v4] nvme: nvme_identify_ns_descs: prevent oob

On Tue, Dec 02, 2025 at 09:22:13PM +0300, Eugene Korenevsky wrote:
> Broken or malicious controller can send invalid ns id.
> Out-of-band memory access may occur if remaining buffer size
> is less than .nidl (ns id length) field of `struct nvme_ns_id_desc`
> 
> Fix this issue by checking (header size + .nidl) against
> remaining buffer length.

Thanks, applied to nvme-6.19 with the line length wrap fixed up.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ