On Mon, May 13, 2024 at 10:22:21AM +0100, Sudeep Holla wrote: > On Mon, May 13, 2024 at 09:38:37AM +0900, Dominique Martinet wrote: > > From: Cristian Marussi <cristian.marussi@xxxxxxx> > > > > [ Upstream commit e9076ffbcaed5da6c182b144ef9f6e24554af268 ] > > > > Accessing reset domains descriptors by the index upon the SCMI drivers > > requests through the SCMI reset operations interface can potentially > > lead to out-of-bound violations if the SCMI driver misbehave. > > > > Add an internal consistency check before any such domains descriptors > > accesses. > > > > Link: https://lore.kernel.org/r/20220817172731.1185305-5-cristian.marussi@xxxxxxx > > Signed-off-by: Cristian Marussi <cristian.marussi@xxxxxxx> > > Signed-off-by: Sudeep Holla <sudeep.holla@xxxxxxx> > > Signed-off-by: Dominique Martinet <dominique.martinet@xxxxxxxxxxxxxxxxx> > > --- > > This is the backport I promised for CVE-2022-48655[1] > > [1] https://lkml.kernel.org/r/Zj4t4q_w6gqzdvhz@xxxxxxxxxxxxx > > > > The backport looks good and thanks for doing that. Sometimes since we > know all the users are in the kernel, we tend to ignore the facts that > they need to be backport as this was considered as theoretical issue when > we pushed the fix. We try to keep that in mind and add fixes tag more > carefully in the future. Thanks for your effort and bring this to our > attention. Now queued up, thanks greg k-h
