On Fri, Dec 12, 2025 at 04:19:59PM +0800, Chen Yu wrote:
From: Sergey Shtylyov <s.shtylyov@omp.ru>
[ Upstream commit f5d8a5fe77ce933f53eb8f2e22bb7a1a2019ea11 ]
sprintf() (still used in the MMC core for the sysfs output) is vulnerable to the buffer overflow. Use the new-fangled sysfs_emit() instead.
Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool.
Signed-off-by: Sergey Shtylyov <s.shtylyov@omp.ru>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/717729b2-d65b-c72e-9fac-471d28d00b5a@omp.ru
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Chen Yu <xnguchen@sina.cn>

 drivers/mmc/core/bus.c      |  9 +++++----
 drivers/mmc/core/bus.h      |  3 ++-
 drivers/mmc/core/mmc.c      | 16 ++++++++--------
 drivers/mmc/core/sd.c       | 25 ++++++++++++-------------
 drivers/mmc/core/sdio.c     |  5 +++--
 drivers/mmc/core/sdio_bus.c |  7 ++++---
 6 files changed, 34 insertions(+), 31 deletions(-)
Why is this needed for stable kernels? I see no real bugfix here, do you?
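
An added illustration, not part of the patch or of this thread: a userspace model of the bounded write that sysfs_emit() performs for a show() callback. It assumes a 4096-byte page; model_sysfs_emit and emit_len_for are hypothetical names, and the values are constructed.

```c
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE 4096u /* assumed page size for this userspace model */

/* Model of sysfs_emit(): rejects a buffer that is not page-aligned and
 * never stores more than PAGE_SIZE bytes, terminator included. */
static int model_sysfs_emit(char *buf, const char *fmt, ...)
{
    va_list args;
    int len;

    if (!buf || ((uintptr_t)buf & (PAGE_SIZE - 1)))
        return 0; /* the kernel WARNs and returns 0 in this case */
    va_start(args, fmt);
    len = vsnprintf(buf, PAGE_SIZE, fmt, args);
    va_end(args);
    if (len < 0)
        return 0;
    /* like vscnprintf(): report bytes stored, not the untruncated length */
    return len >= (int)PAGE_SIZE ? (int)PAGE_SIZE - 1 : len;
}

/* Emit a constructed value of value_len 'A's into a page at offset
 * misalign. Returns bytes reported, or -1 if the byte after the page
 * (a canary) was overwritten. value_len must be < 2 * PAGE_SIZE. */
int emit_len_for(size_t value_len, size_t misalign)
{
    static char arena[3 * PAGE_SIZE], value[2 * PAGE_SIZE];
    char *page = (char *)(((uintptr_t)arena + PAGE_SIZE - 1) &
                          ~(uintptr_t)(PAGE_SIZE - 1));
    int n;

    memset(page, 0xAA, 2 * PAGE_SIZE);
    memset(value, 'A', value_len);
    value[value_len] = '\0';
    n = model_sysfs_emit(page + misalign, "%s\n", value);
    return (unsigned char)page[PAGE_SIZE] == 0xAA ? n : -1;
}

int main(void)
{
    printf("short value:      %d\n", emit_len_for(10, 0));
    printf("oversized value:  %d\n", emit_len_for(8000, 0));
    printf("misaligned buf:   %d\n", emit_len_for(10, 8));
    return 0;
}
```

The bound only changes behaviour when the formatted output can reach PAGE_SIZE; a fixed-width attribute produces the same bytes under either call.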