[PATCH v4] nvme: nvme_identify_ns_descs: prevent oob
Keith Busch
kbusch at kernel.org
Thu Dec 4 08:09:18 PST 2025
On Tue, Dec 02, 2025 at 09:22:13PM +0300, Eugene Korenevsky wrote:
> Broken or malicious controller can send invalid ns id.
> Out-of-band memory access may occur if remaining buffer size
> is less than .nidl (ns id length) field of `struct nvme_ns_id_desc`
>
> Fix this issue by checking (header size + .nidl) against
> remaining buffer length.
Thanks, applied to nvme-6.19 with the line length wrap fixed up.
More information about the Linux-nvme
mailing list