Re: CVE-2023-52466: PCI: Avoid potential out-of-bounds read in pci_dev_for_each_resource()

From: Carlos López
Date: Tue Feb 27 2024 - 08:19:23 EST

Next message: Ilias Apalodimas: "Re: [PATCH v2 2/2] efi/libstub: Add get_event_log() support for CC platforms"
Previous message: Ilpo Järvinen: "Re: [PATCH 0/2] platform/mellanox: mlxbf-pmc: Fix module loading"
Next in thread: Greg Kroah-Hartman: "Re: CVE-2023-52466: PCI: Avoid potential out-of-bounds read in pci_dev_for_each_resource()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

On 25/2/24 9:16, Greg Kroah-Hartman wrote:

There is no actual issue right now because we have another check afterwards
and the out-of-bounds read is not being performed. In any case it's better
code with this fixed, hence the proposed change.

Given that there is no actual security issue this looks more like a
hardening, and thus not deserving of a CVE, no?

Best,
Carlos

--
Carlos López
Security Engineer
SUSE Software Solutions

Next message: Ilias Apalodimas: "Re: [PATCH v2 2/2] efi/libstub: Add get_event_log() support for CC platforms"
Previous message: Ilpo Järvinen: "Re: [PATCH 0/2] platform/mellanox: mlxbf-pmc: Fix module loading"
Next in thread: Greg Kroah-Hartman: "Re: CVE-2023-52466: PCI: Avoid potential out-of-bounds read in pci_dev_for_each_resource()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]