[PATCH] firmware: arm_scmi: Fix OOB in scmi_power_name_get()
Dan Carpenter
error27 at gmail.com
Fri May 15 04:36:15 PDT 2026
On Fri, May 15, 2026 at 01:29:27PM +0200, Geert Uytterhoeven wrote:
> Hi Dan,
>
> On Fri, 15 May 2026 at 12:28, Dan Carpenter <error27 at gmail.com> wrote:
> > On Fri, May 15, 2026 at 11:59:15AM +0200, Geert Uytterhoeven wrote:
> > > scmi_power_name_get() does not validate the domain number passed by the
> > > external caller, which may lead to an out-of-bounds access.
> >
> > Is an external caller an out of tree caller? So far as I can see this
>
> I meant a caller outside drivers/firmware/arm_scmi/.
>
> > is only called by scmi_pm_domain_probe().
> >
> > scmi_pd->name = power_ops->name_get(ph, i);
> >
> > where i < num_domains.
>
> You are right. But this seems to be only API implementation in
> drivers/firmware/arm_scmi/ that does not validate the passed domain
> number.
I don't have a problem with the patch but I don't think it should have
a Fixes tag.
regards,
dan carpenter
More information about the linux-arm-kernel
mailing list