| Message ID | 20220218175023.18450-1-bartlomiej.zolnierkiewicz@canonical.com |
|---|---|
| Headers | show |
| Series | Fix for CVE-2021-43975 | expand |
On 18.02.22 18:50, Bartlomiej Zolnierkiewicz wrote: > [Impact] > In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in > drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an > attacker (who can introduce a crafted device) to trigger an out-of-bounds > write via a crafted length value. > > [Fix] > b922f622592a ("atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait") > > The fix was cherry picked clean and builds fine. > > [Potential regression] > This change is limited to the aquantia ethernet device driver and is already > present in Focal/Impish/Jammy kernels. > > > Zekun Shen (1): > atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait > > .../ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c | 10 ++++++++++ > 1 file changed, 10 insertions(+) > Applied to bionic:linux/master-next. Thanks. -Stefan
[Impact] In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. [Fix] b922f622592a ("atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait") The fix was cherry picked clean and builds fine. [Potential regression] This change is limited to the aquantia ethernet device driver and is already present in Focal/Impish/Jammy kernels. Zekun Shen (1): atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait .../ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c | 10 ++++++++++ 1 file changed, 10 insertions(+)