lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 12 Jun 2024 17:20:11 +0000
From: Sunil Kovvuri Goutham <sgoutham@...vell.com>
To: Huai-Yuan Liu <qq810974084@...il.com>,
        "jes@...ined-monkey.org"
	<jes@...ined-monkey.org>,
        "davem@...emloft.net" <davem@...emloft.net>,
        "edumazet@...gle.com" <edumazet@...gle.com>,
        "kuba@...nel.org"
	<kuba@...nel.org>,
        "pabeni@...hat.com" <pabeni@...hat.com>
CC: "linux-hippi@...site.dk" <linux-hippi@...site.dk>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "baijiaju1990@...il.com" <baijiaju1990@...il.com>
Subject: RE: [PATCH] hippi: fix possible buffer overflow caused by bad DMA
 value in rr_start_xmit()



>-----Original Message-----
>From: Huai-Yuan Liu <qq810974084@...il.com>
>Sent: Wednesday, June 12, 2024 3:02 PM
>To: jes@...ined-monkey.org; davem@...emloft.net; edumazet@...gle.com;
>kuba@...nel.org; pabeni@...hat.com
>Cc: linux-hippi@...site.dk; netdev@...r.kernel.org; linux-kernel@...r.kernel.org;
>baijiaju1990@...il.com; Huai-Yuan Liu <qq810974084@...il.com>
>Subject: [EXTERNAL] [PATCH] hippi: fix possible buffer overflow caused by bad DMA
>value in rr_start_xmit()
>
>The value rrpriv->info->tx_ctrl is stored in DMA memory, and it is assigned to txctrl,
>so txctrl->pi can be modified at any time by malicious hardware. Becausetxctrl->pi is
>assigned to index, buffer overflow may occur when the code
>
>The value rrpriv->info->tx_ctrl is stored in DMA memory, and it is assigned to txctrl,
>so txctrl->pi can be modified at any time by malicious hardware. Becausetxctrl->pi is
>assigned to index, buffer overflow may occur when the code "rrpriv-
>>tx_skbuff[index]" is executed.
>
>To address this issue, the index should be checked.
>
>Fixes: f33a7251c825 ("hippi: switch from 'pci_' to 'dma_' API")
>Signed-off-by: Huai-Yuan Liu <qq810974084@...il.com>
>---

LGTM
Reviewed-by: Sunil Goutham <sgoutham@...vell.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ