Re: [SECURITY] Samsung Exynos SROM: Out-of-bounds write via unchecked device tree bank parameter

Next message: Li Wang: "[PATCH v7 4/8] selftests/cgroup: rename PAGE_SIZE to BUF_SIZE in cgroup_util"
Previous message: Li Wang: "[PATCH v7 1/8] selftests/cgroup: skip test_zswap if zswap is globally disabled"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Greg KH

Date: Fri Apr 24 2026 - 00:02:18 EST

On Fri, Apr 24, 2026 at 04:40:47AM +0530, Saifuddin Kaijar wrote:
> Dear Linux Kernel Security Team,
>
> I am reporting a security vulnerability in the Samsung Exynos SROM driver.
>
> SUMMARY:
> Out-of-bounds MMIO write due to missing validation of device tree bank
> parameter.
>
> COMPONENT:
> File: drivers/memory/samsung/exynos-srom.c
> Function: exynos_srom_configure_bank()
> Lines: 74-100
>
> AFFECTED VERSIONS:
> All kernels since 3.15 (2015) up to current mainline (6.12.1)
>
> SEVERITY:
> HIGH (CVSS 7.8: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
> CWE-787: Out-of-bounds Write
>
> DESCRIPTION:
> The driver reads 'bank' parameter from device tree without validation,
> then uses it as an offset for MMIO register writes:

device tree is trusted, so this isn't a valid security issue, or
probably even a bug at all, sorry.

If you wish to fix this, please just send a patch to the developer and
mailing list.

thanks,

greg k-h