[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] i2c: pm_smbus: check smb_index before block tra
|
From: |
Michael Hanselmann |
|
Subject: |
Re: [Qemu-devel] [PATCH] i2c: pm_smbus: check smb_index before block transfer write |
|
Date: |
Thu, 6 Dec 2018 21:16:14 +0100 |
On 06.12.18 09:48, P J P wrote:
> While performing block transfer write in smb_ioport_writeb(),
> 'smb_index' is incremented and used to index smb_data[] array.
> Check 'smb_index' value to avoid OOB access.
>
> Reported-by: Michael Hanselmann <address@hidden>
Considering that Li Qiang had already published his exploit for a couple
of hours (at the time of writing the URL is returning an HTTP 404 though
I'd seen it earlier) and with the patch being public I decided to also
publish my report:
https://hansmi.ch/articles/2018-12-qemu-pm-smbus-oob
I'd like to thank Prasad and his colleagues at Red Hat for the quick
response to my report (patch committed within less than 18 hours).
Best regards,
Michael
--
https://hansmi.ch/
signature.asc
Description: OpenPGP digital signature
- Re: [Qemu-devel] [PATCH] i2c: pm_smbus: check smb_index before block transfer write, (continued)
Re: [Qemu-devel] [PATCH] i2c: pm_smbus: check smb_index before block transfer write, li qiang, 2018/12/06
Re: [Qemu-devel] [PATCH] i2c: pm_smbus: check smb_index before block transfer write, Michael Hanselmann, 2018/12/06
Re: [Qemu-devel] [PATCH] i2c: pm_smbus: check smb_index before block transfer write,
Michael Hanselmann <=