In read_handle(), of_get_address() may return NULL which is later dereferenced. Fix this by adding NULL check.
Cc: stable@vger.kernel.org
Fixes: 14baf4d9c739 ("cxl: Add guest-specific code")
Signed-off-by: Ma Ke <make24@iscas.ac.cn>
---
Changes in v2:
- The potential vulnerability was discovered as follows: based on our
  customized static analysis tool, extract vulnerability features[1], and
  then match similar vulnerability features in this function.
- Reference link:
  [1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=...
---
 drivers/misc/cxl/of.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/misc/cxl/of.c b/drivers/misc/cxl/of.c index bcc005dff1c0..d8dbb3723951 100644 --- a/drivers/misc/cxl/of.c +++ b/drivers/misc/cxl/of.c @@ -58,7 +58,7 @@ static int read_handle(struct device_node *np, u64 *handle)
/* Get address and size of the node */ prop = of_get_address(np, 0, &size, NULL); - if (size) + if (!prop || size) return -EINVAL;
/* Helper to read a big number; size is in cells (not bytes) */
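Review bot: in the changed condition `if (!prop || size)`, keep `!prop` as the first operand. `size` is filled in through the `&size` argument of of_get_address() and the visible lines do not show it being initialised, so the short-circuit is what keeps it from being read on the NULL path. The commit message says the NULL return is "later dereferenced", but the hunk's context stops at the "Helper to read a big number" comment without showing that use; name the dereferencing statement in the changelog so the Fixes: tag can be checked against it. The "Changes in v2" text describes how the issue was found rather than what changed since v1.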
On Wed, Jul 10, 2024 at 06:33:52PM +0800, Ma Ke wrote:
> In read_handle(), of_get_address() may return NULL which is later dereferenced. Fix this by adding NULL check.
>
> Cc: stable@vger.kernel.org
> Fixes: 14baf4d9c739 ("cxl: Add guest-specific code")
> Signed-off-by: Ma Ke <make24@iscas.ac.cn>
>
> Changes in v2:
> - The potential vulnerability was discovered as follows: based on our
> customized static analysis tool, extract vulnerability features[1], and then match similar vulnerability features in this function.
You need to follow the rules outlined in Documentation/process/researcher-guidelines.rst when doing stuff like this. Otherwise all of your patches will have to be rejected.
Please fix up the changelog text of all of the patches you have submitted recently to follow those rules.
thanks,
greg k-h
> …
> - The potential vulnerability was discovered as follows: based on our
> customized static analysis tool,

I became curious in which time range further corresponding information will be published.

> extract vulnerability features[1],

Various software corrections were published through the years.
Several error (or weakness) categories are known already.
https://cwe.mitre.org/
https://wiki.sei.cmu.edu/confluence/display/c/

> and then match similar vulnerability features in this function.
> - Reference link:
> [1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=...

Another reference format can be helpful also for the commit c534b63bede6cb987c2946ed4d0b0013a52c5ba7 ("drm: vc4: Fix possible null pointer dereference") from 2024-04-15.
Regards, Markus
linux-stable-mirror@lists.linaro.org