[PATCH master 2/5] net: dsa: realtek: mdio: fix out-of-bounds memory write
Ahmad Fatoum
a.fatoum at pengutronix.de
Tue Mar 7 02:14:43 PST 2023
The SMI Realtek driver takes care of chip_data_sz as expected, but the
MDIO driver doesn't, leading to memory corruption. Fix this.
This issue is also present in the original Linux driver and will be fixed
there as well.
Signed-off-by: Ahmad Fatoum <a.fatoum at pengutronix.de>
---
drivers/net/realtek-dsa/realtek-mdio.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/realtek-dsa/realtek-mdio.c b/drivers/net/realtek-dsa/realtek-mdio.c
index 7c26841d2fac..8b32c3cf539e 100644
--- a/drivers/net/realtek-dsa/realtek-mdio.c
+++ b/drivers/net/realtek-dsa/realtek-mdio.c
@@ -119,7 +119,7 @@ static int realtek_mdio_probe(struct phy_device *mdiodev)
if (!var)
return -EINVAL;
- priv = kzalloc(sizeof(*priv), GFP_KERNEL);
+ priv = kzalloc(sizeof(*priv) + var->chip_data_sz, GFP_KERNEL);
if (!priv)
return -ENOMEM;
--
2.30.2
More information about the barebox
mailing list