From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from smtpout-04.galae.net (smtpout-04.galae.net [185.171.202.116])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id F08742BE05F;
	Tue, 21 Apr 2026 07:35:25 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=185.171.202.116
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1776756927; cv=none; b=pinWpyTVf6IwHw+X0sznqOS7MhiDYsAKHDwoe3PYHttpDJvmGCGMNB6nrWXebjGg5O6H9LlImkL+fHL7DMWd7xc+2M5luDvc/BGQeaf8c8PF7+9eXkxN3DSq5QQDum40YEaxYtWuUZ8Pj0PORYJ6RyH5h0MDM7PWz0hPpe8Yey4=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1776756927; c=relaxed/simple;
	bh=tjDRDh3IFRsUTJociGMi2a37LGpLwz5EHWQZhwlDXuk=;
	h=From:To:Cc:Subject:In-Reply-To:References:Date:Message-ID:
	 MIME-Version:Content-Type; b=HyvaYD4RzllPM2IU12CN4QPhzyMbY71Ht8DCwSA4CRwUO+jBZ2gDRJc8KmNCIUHEN1ru+BRIzYAdCq+JVq97FVSGyOxNkRKNvaOVaclW54TxNahkoLAaC7Euxca1cWJl5TcwuM9GvAGqVTwoPqzHCx0yZ3d0MrWuSF7kunPwaaE=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=bootlin.com; spf=pass smtp.mailfrom=bootlin.com; dkim=pass (2048-bit key) header.d=bootlin.com header.i=@bootlin.com header.b=uhy0t4T1; arc=none smtp.client-ip=185.171.202.116
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=bootlin.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=bootlin.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=bootlin.com header.i=@bootlin.com header.b="uhy0t4T1"
Received: from smtpout-01.galae.net (smtpout-01.galae.net [212.83.139.233])
	by smtpout-04.galae.net (Postfix) with ESMTPS id 91D78C5C9A6;
	Tue, 21 Apr 2026 07:36:04 +0000 (UTC)
Received: from mail.galae.net (mail.galae.net [212.83.136.155])
	by smtpout-01.galae.net (Postfix) with ESMTPS id 5938F600D2;
	Tue, 21 Apr 2026 07:35:24 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1]) by localhost (Mailerdaemon) with ESMTPSA id DD0EA1046093A;
	Tue, 21 Apr 2026 09:35:20 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bootlin.com; s=dkim;
	t=1776756923; h=from:subject:date:message-id:to:cc:mime-version:content-type:
	 content-transfer-encoding:in-reply-to:references;
	bh=tjDRDh3IFRsUTJociGMi2a37LGpLwz5EHWQZhwlDXuk=;
	b=uhy0t4T1BIHFXIp8/Zxc/fi1FZ/u4Uk/IJrJNO9pHGIXTBiC6RsEslNnnn+K2E/+na+vny
	O/pe0fZpZ0kFg7ff4OXC+4KLr0kB3aCxPrfrGmzPsT4Au2eCoezwdXZ+8Wthf1VHs2ItL2
	WttOFoh96fBJJncDn3rG14ak9b9D/KwjzlHkdhXK2MyNYvquGlC3/YWZHjj9iLUv4aGu+b
	5M4OSSEMpREAMjyOElrHunp9BScFmx7ZQTcusLvUQ6nLlT9kxNWZKYiU7Cy9vW6PW+P02+
	GayWVztPWZzdz2Fqnru0z+q7Y2A8MKxNPC6LN2Ag+gA5lLDABq5Ikqoy1OXlfQ==
From: Miquel Raynal <miquel.raynal@bootlin.com>
To: Tudor Ambarus <tudor.ambarus@linaro.org>
Cc: Pratyush Yadav <pratyush@kernel.org>,  Michael Walle
 <mwalle@kernel.org>,  Takahiro Kuwano <takahiro.kuwano@infineon.com>,
  Richard Weinberger <richard@nod.at>,  Vignesh Raghavendra
 <vigneshr@ti.com>,  Pratyush Yadav <p.yadav@ti.com>,  Michael Walle
 <michael@walle.cc>,  linux-mtd@lists.infradead.org,
  linux-kernel@vger.kernel.org,  stable@vger.kernel.org
Subject: Re: [PATCH] mtd: spi-nor: debugfs: fix out-of-bounds read in
 spi_nor_params_show()
In-Reply-To: <20260417-fix-oob-read-spi-nor-v1-1-2132e61a684a@linaro.org>
	(Tudor Ambarus's message of "Fri, 17 Apr 2026 15:24:39 +0000")
References: <20260417-fix-oob-read-spi-nor-v1-1-2132e61a684a@linaro.org>
User-Agent: mu4e 1.12.7; emacs 30.2
Date: Tue, 21 Apr 2026 09:35:20 +0200
Message-ID: <87jyu07olj.fsf@bootlin.com>
Precedence: bulk
X-Mailing-List: stable@vger.kernel.org
List-Id: <stable.vger.kernel.org>
List-Subscribe: <mailto:stable+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:stable+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Last-TLS-Session-Version: TLSv1.3

Hi Tudor,

On 17/04/2026 at 15:24:39 GMT, Tudor Ambarus <tudor.ambarus@linaro.org> wro=
te:

> Sashiko noticed an out-of-bounds read [1].

[...]

> Cc: stable@vger.kernel.org
> Fixes: 0257be79fc4a ("mtd: spi-nor: expose internal parameters via debugf=
s")
> Closes: https://sashiko.dev/#/patchset/20260417-die-erase-fix-v2-1-73bb70=
04ebad%40infineon.com [1]
> Signed-off-by: Tudor Ambarus <tudor.ambarus@linaro.org>
> ---
> We shall assign a CVE to this. I'll look into how next week.

They are assigned automatically to every fix, no?

If spi-nor folks want to ack, I might take it through an mtd/fixes PR.

Thanks,
Miqu=C3=A8l