Re: [PATCH] scsi: ufs: Fix memory corruption by ufshcd_read_desc_param()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mon, 19 Jul 2021 16:11:22 -0700, Bart Van Assche wrote:

> If param_offset > buff_len then the memcpy() statement in
> ufshcd_read_desc_param() corrupts memory since it copies
> 256 + buff_len - param_offset bytes into a buffer with size buff_len.
> Since param_offset < 256 this results in writing past the bound of the
> output buffer.

Applied to 5.14/scsi-fixes, thanks!

[1/1] scsi: ufs: Fix memory corruption by ufshcd_read_desc_param()
      https://git.kernel.org/mkp/scsi/c/b1d5de8c6ea2

-- 
Martin K. Petersen	Oracle Linux Engineering
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [SCSI Target Devel]     [Linux SCSI Target Infrastructure]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Linux IIO]     [Samba]     [Device Mapper]

  Powered by Linux