If a TPM is attached to a system via a serial bus on a platform that
suffers bit flips, we can get back dangerously wrong data. This patch
series aims never to do a direct copy into a kernel buffer based on an
unchecked size value returned from the TPM.
Jeremy Boone (2):
tpm: fix potential buffer overruns caused by bit glitches on the bus
tpm drivers: fix potential buffer overruns caused by bit glitches on
the bus
drivers/char/tpm/st33zp24/st33zp24.c | 4 ++--
drivers/char/tpm/tpm-interface.c | 1 +
drivers/char/tpm/tpm2-cmd.c | 4 ++++
drivers/char/tpm/tpm_i2c_infineon.c | 5 +++--
drivers/char/tpm/tpm_i2c_nuvoton.c | 5 +++--
drivers/char/tpm/tpm_tis_core.c | 5 +++--
6 files changed, 16 insertions(+), 8 deletions(-)
--
2.12.3
