Re: CVE-2023-52466: PCI: Avoid potential out-of-bounds read in pci_dev_for_each_resource()

From: Greg Kroah-Hartman
Date: Tue Feb 27 2024 - 08:44:31 EST

Next message: Catalin Marinas: "Re: [PATCH] vdso/datapage: Quick fix - use asm/page-def.h for ARM64"
Previous message: Christian Brauner: "Re: [RFC PATCH 11/20] famfs: Add fs_context_operations"
In reply to: Carlos López: "Re: CVE-2023-52466: PCI: Avoid potential out-of-bounds read in pci_dev_for_each_resource()"
Next in thread: Bjorn Helgaas: "Re: CVE-2023-52466: PCI: Avoid potential out-of-bounds read in pci_dev_for_each_resource()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Feb 27, 2024 at 02:18:51PM +0100, Carlos López wrote:
>
> Hi,
>
> On 25/2/24 9:16, Greg Kroah-Hartman wrote:
> > There is no actual issue right now because we have another check afterwards
> > and the out-of-bounds read is not being performed. In any case it's better
> > code with this fixed, hence the proposed change.
>
> Given that there is no actual security issue this looks more like a
> hardening, and thus not deserving of a CVE, no?

This was a tricky one, I think it's needed as we do not know how people
are really using these macros, right? If the PCI maintainer agrees (on
the cc:), I'll be glad to revoke it, it's their call.

And thanks for the review, much appreciated!

greg k-h

Next message: Catalin Marinas: "Re: [PATCH] vdso/datapage: Quick fix - use asm/page-def.h for ARM64"
Previous message: Christian Brauner: "Re: [RFC PATCH 11/20] famfs: Add fs_context_operations"
In reply to: Carlos López: "Re: CVE-2023-52466: PCI: Avoid potential out-of-bounds read in pci_dev_for_each_resource()"
Next in thread: Bjorn Helgaas: "Re: CVE-2023-52466: PCI: Avoid potential out-of-bounds read in pci_dev_for_each_resource()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]