Re: [PATCH 1/2] x86/setup_data: validate indirect entry sizes before dereferencing them
From: Borislav Petkov
Date: Sun Apr 05 2026 - 07:07:24 EST

On Sun, Apr 05, 2026 at 09:40:00AM +0800, Pengpeng Hou wrote:
> I think that is worth handling because `setup_data` is still external boot
> input to the kernel. It can come not only from a normal bootloader path, but
> also from kexec-style handoff and virtualized boot flows.

I'm asking you to explain the attack vector in detail. In which of those
examples don't you need physical access to the machine and root?
IOW, what scenario exactly are we protecting here against?
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette