[PATCH] mtd: rawnand: intel: Fix potential buffer overflow in probe

Miquel Raynal miquel.raynal at bootlin.com
Tue Sep 14 10:39:16 PDT 2021


On Fri, 2021-09-03 at 08:26:53 UTC, Evgeny Novikov wrote:
> ebu_nand_probe() read the value of u32 variable "cs" from the device
> firmware description and used it as the index for array ebu_host->cs
> that can contain MAX_CS (2) elements at most. That could result in
> a buffer overflow and various bad consequences later.
> 
> Fix the potential buffer overflow by restricting values of "cs" with
> MAX_CS in probe.
> 
> Found by Linux Driver Verification project (linuxtesting.org).
> 
> Fixes: 0b1039f016e8 ("mtd: rawnand: Add NAND controller support on Intel LGM SoC")
> Signed-off-by: Evgeny Novikov <novikov at ispras.ru>
> Co-developed-by: Kirill Shilimanov <kirill.shilimanov at huawei.com>
> Signed-off-by: Kirill Shilimanov <kirill.shilimanov at huawei.com>
> Co-developed-by: Anton Vasilyev <vasilyev at ispras.ru>
> Signed-off-by: Anton Vasilyev <vasilyev at ispras.ru>

Applied to https://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux.git nand/next, thanks.

Miquel
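
The check the quoted commit message describes, as an added C example that is not the driver's code or part of this thread: the structures, fw_read_u32() and probe_cs() are hypothetical stand-ins, and the firmware values are constructed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_CS 2 /* array size stated in the commit message */

/* Hypothetical stand-ins, not the kernel's structures. */
struct cs_slot { uint32_t base; int in_use; };
struct host { struct cs_slot cs[MAX_CS]; };
struct fw_node { int has_cs; uint32_t cs; }; /* constructed firmware node */

/* Hypothetical property read: fails if the node has no "cs" value. */
static int fw_read_u32(const struct fw_node *n, uint32_t *out)
{
    if (!n || !n->has_cs)
        return -EINVAL;
    *out = n->cs;
    return 0;
}

/* Validate the firmware-supplied index before it touches host->cs[]. */
int probe_cs(struct host *h, const struct fw_node *n, uint32_t base)
{
    uint32_t cs;
    int ret = fw_read_u32(n, &cs);

    if (ret)
        return ret;
    if (cs >= MAX_CS) /* cs is unsigned: one upper-bound test covers it */
        return -EINVAL;
    h->cs[cs].base = base;
    h->cs[cs].in_use = 1;
    return 0;
}

int main(void)
{
    /* Constructed inputs: valid, first invalid index, very large value. */
    const uint32_t samples[] = { 0, 1, MAX_CS, 0xFFFFFFFFu };
    static struct host h; /* zero-initialised */

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        struct fw_node n = { 1, samples[i] };
        printf("cs=%u -> %d\n", (unsigned)samples[i], probe_cs(&h, &n, 0x1000));
    }
    return 0;
}
```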


