Re: Cip-kernel-sec Updates for Week of 2021-05-05


Chen-Yu Tsai (Moxa) <wens@...>
 

On Wed, May 5, 2021 at 4:34 PM Pavel Machek <pavel@denx.de> wrote:

Hi!

- CVE-2021-31916 [md: dm_ioctl: out-of-bounds array access] - fixed
Likely needs backport to 4.9 and earlier.
Backport is trivial in this case.

Additionally, one old CVE is now fixed:
- CVE-2020-26541
This is UEFI secure boot, and it is more of "implement missing
blacklist functionality" than a bugfix.

If someone uses secure boot on UEFI, we may need to do this, but
perhaps no one is doing that.
No idea. All the servers I touched at work were still booting via
legacy BIOS. Mind you that these were old servers. The latest machine
we have, an AMD EPYC 7002, is UEFI only. I never looked at the
settings though.

ChenYu

Best regards,
Pavel

diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c
index eab3f7325e31..a6e6a852c9e8 100644
--- a/drivers/md/dm-ioctl.c
+++ b/drivers/md/dm-ioctl.c
@@ -524,7 +524,7 @@ static int list_devices(struct dm_ioctl *param, size_t param_size)
* Grab our output buffer.
*/
nl = get_result_buffer(param, param_size, &len);
- if (len < needed) {
+ if (len < needed || len < sizeof(nl->dev)) {
param->flags |= DM_BUFFER_FULL_FLAG;
goto out;
}
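Review bot: the added `len < sizeof(nl->dev)` clause in the `if` following `get_result_buffer()` carries no comment saying which case `len < needed` fails to cover, and the only comment above it is "Grab our output buffer." The second test can only matter when `needed` is smaller than `sizeof(nl->dev)`, so a one-line comment stating that the buffer must always be large enough for the `dev` field would keep the reason visible to whoever backports or refactors this. It is also worth stating in the commit message whether `dev` is the only member of `*nl` that is written unconditionally after this check; if another member is, the bound should cover it as well, for example with `sizeof(*nl)`.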

Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
