Re: Fwd: [PATCH] Size can be any value and is user controlled resulting in overwriting the 40 byte array wr_buf with an arbitrary length of data from buf.

"T. Williams" <tdwilliamsiv@xxxxxxxxx> · Tue, 12 Oct 2021 16:41:56 -0400

Should I resubmit the patch email with correct formatting? MITRE assigned this bug as CVE-2021-42327. Does AMD/kernel do public vulnerability reports? Do I need to email someone else or something(sorry for dumb questions this is my first time doing this and I don't know what to do)? 
I am trying to do step 11 from here: https://cve.mitre.org/cve/researcher_reservation_guidelines.

On Tue, Oct 12, 2021 at 3:18 AM Christian König <ckoenig.leichtzumerken@xxxxxxxxx> wrote:

    Am 11.10.21 um 22:24 schrieb T. Williams:

          ---------- Forwarded message
            ---------

            From: docfate111
            <tdwilliamsiv@xxxxxxxxx>

            Date: Mon, Oct 11, 2021 at 4:22 PM

            Subject: [PATCH] Size can be any value and is user
            controlled resulting in overwriting the 40 byte array wr_buf
            with an arbitrary length of data from buf.

            To: <dri-devel@xxxxxxxxxxxxxxxxxxxxx>

            Cc: <harry.wentland@xxxxxxx>,
            <sunpeng.li@xxxxxxx>

          Signed-off-by: docfate111 <tdwilliamsiv@xxxxxxxxx>

    While the find might be correct there are a couple of style problems
    with the patch.

    First of all the subject line must be shorter and should be
    something like "drm/amdgpu: fix out of bounds write".

    The detailed description of the bug then comes into the commit
    message.

    And finally please use your real name for the Signed-off-by line.

    Apart from that good catch,

    Christian.

          ---

           drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | 2
          +-

           1 file changed, 1 insertion(+), 1 deletion(-)

          diff --git
          a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c
          b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c

          index 87daa78a32b8..17f2756a64dc 100644

          ---
          a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c

          +++
          b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c

          @@ -263,7 +263,7 @@ static ssize_t
          dp_link_settings_write(struct file *f, const char __user *buf,

                  if (!wr_buf)

                          return -ENOSPC;

          -       if (parse_write_buffer_into_params(wr_buf, size,

          +       if (parse_write_buffer_into_params(wr_buf,
          wr_buf_size,

                                                     (long *)param, buf,

                                                     max_param_num,

                                                     &param_nums)) {

          -- 

          2.25.1

        -- 

            Thank you for your time,

            Thelford Williams

-- 
Thank you for your time,
Thelford Williams