linux.git - Clone of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

diff options

author	Alex Williamson <alex.williamson@redhat.com>	2025-01-22 10:38:30 -0700
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2025-02-01 18:39:38 +0100
commit	a20fcaa230f7472456d12cf761ed13938e320ac3 (patch)
tree	bebaed0e250ac8462110849e93d3bf4ed0f3d2b2 /drivers/scsi
parent	780ab8329672464984cf1344bd5c3993af0226c7 (diff)
download	linux-a20fcaa230f7472456d12cf761ed13938e320ac3.tar.gz linux-a20fcaa230f7472456d12cf761ed13938e320ac3.tar.bz2 linux-a20fcaa230f7472456d12cf761ed13938e320ac3.zip

vfio/platform: check the bounds of read/write syscalls

commit ce9ff21ea89d191e477a02ad7eabf4f996b80a69 upstream. count and offset are passed from user space and not checked, only offset is capped to 40 bits, which can be used to read/write out of bounds of the device. Fixes: 6e3f26456009 (“vfio/platform: read and write support for the device fd”) Cc: stable@vger.kernel.org Reported-by: Mostafa Saleh <smostafa@google.com> Reviewed-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Mostafa Saleh <smostafa@google.com> Tested-by: Mostafa Saleh <smostafa@google.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Diffstat (limited to 'drivers/scsi')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: