public inbox for cip-dev@lists.cip-project.org
From: "Pavel Machek" <pavel@denx.de>
To: Chen-Yu Tsai <wens@csie.org>
Cc: cip-dev@lists.cip-project.org, Pavel Machek <pavel@denx.de>,
	Nobuhiro Iwamatsu <nobuhiro1.iwamatsu@toshiba.co.jp>,
	masashi.kudo@cybertrust.co.jp
Subject: Re: [cip-dev] Cip-kernel-sec Updates for Week of 2021-05-05
Date: Wed, 5 May 2021 10:34:39 +0200
Message-ID: <20210505083439.GC29521@amd>
In-Reply-To: <CAGb2v65PfUtwZX8c+W2Yygk3XTOTxfXU0SoFUjXUAh2wYuHmyA@mail.gmail.com>


Hi!

> - CVE-2021-31916 [md: dm_ioctl: out-of-bounds array access] - fixed
>   Likely needs backport to 4.9 and earlier.

Backport is trivial in this case.

> Additionally, one old CVE is now fixed:
> - CVE-2020-26541

This is UEFI secure boot, and it is more of "implement missing
blacklist functionality" than a bugfix.

If someone uses secure boot on UEFI, we may need to do this, but
perhaps no one is doing that.

Best regards,
								Pavel

diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c
index eab3f7325e31..a6e6a852c9e8 100644
--- a/drivers/md/dm-ioctl.c
+++ b/drivers/md/dm-ioctl.c
@@ -524,7 +524,7 @@ static int list_devices(struct dm_ioctl *param, size_t param_size)
 	 * Grab our output buffer.
 	 */
 	nl = get_result_buffer(param, param_size, &len);
-	if (len < needed) {
+	if (len < needed || len < sizeof(nl->dev)) {
 		param->flags |= DM_BUFFER_FULL_FLAG;
 		goto out;
 	}
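
Review bot: the new `len < sizeof(nl->dev)` test in the `if (len < needed || ...)` condition carries no comment saying why the `needed` comparison alone does not bound the buffer, and the visible context does not show which access to `nl->dev` it protects. A one-line comment above the check naming that access would help anyone carrying this across trees. The patch is also posted without a changelog, sign-off or upstream commit reference; adding those before it is queued for 4.9 and earlier would tie it to the CVE-2021-31916 entry it is meant to close.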

								Pavel
-- 
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
