On Tue, Oct 12, 2021 at 4:45 PM T. Williams <tdwilliamsiv@xxxxxxxxx> wrote: > > Should I resubmit the patch email with correct formatting? MITRE assigned this bug as CVE-2021-42327. Does AMD/kernel do public vulnerability reports? Do I need to email someone else or something(sorry for dumb questions this is my first time doing this and I don't know what to do)? > I am trying to do step 11 from here: https://cve.mitre.org/cve/researcher_reservation_guidelines. Just resend the fixed up patch using git-send-email and we'll apply it. Alex > > On Tue, Oct 12, 2021 at 3:18 AM Christian König <ckoenig.leichtzumerken@xxxxxxxxx> wrote: >> >> Am 11.10.21 um 22:24 schrieb T. Williams: >> >> >> >> ---------- Forwarded message --------- >> From: docfate111 <tdwilliamsiv@xxxxxxxxx> >> Date: Mon, Oct 11, 2021 at 4:22 PM >> Subject: [PATCH] Size can be any value and is user controlled resulting in overwriting the 40 byte array wr_buf with an arbitrary length of data from buf. >> To: <dri-devel@xxxxxxxxxxxxxxxxxxxxx> >> Cc: <harry.wentland@xxxxxxx>, <sunpeng.li@xxxxxxx> >> >> >> Signed-off-by: docfate111 <tdwilliamsiv@xxxxxxxxx> >> >> >> While the find might be correct there are a couple of style problems with the patch. >> >> First of all the subject line must be shorter and should be something like "drm/amdgpu: fix out of bounds write". >> >> The detailed description of the bug then comes into the commit message. >> >> And finally please use your real name for the Signed-off-by line. >> >> Apart from that good catch, >> Christian. >> >> --- >> drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c >> index 87daa78a32b8..17f2756a64dc 100644 >> --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c >> +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c >> @@ -263,7 +263,7 @@ static ssize_t dp_link_settings_write(struct file *f, const char __user *buf, >> if (!wr_buf) >> return -ENOSPC; >> >> - if (parse_write_buffer_into_params(wr_buf, size, >> + if (parse_write_buffer_into_params(wr_buf, wr_buf_size, >> (long *)param, buf, >> max_param_num, >> ¶m_nums)) { >> -- >> 2.25.1 >> >> >> >> -- >> Thank you for your time, >> Thelford Williams >> >> > > > -- > Thank you for your time, > Thelford Williams
