*** BLURB HERE ***
Jia Jie Ho (1): crypto: starfive - Do not free stack buffer
drivers/crypto/starfive/jh7110-rsa.c | 1 - 1 file changed, 1 deletion(-)
From: Jia Jie Ho jiajie.ho@starfivetech.com
mainline inclusion from mainline-v6.10-rc commit d7f01649f4eaf1878472d3d3f480ae1e50d98f6c category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAB05M CVE: CVE-2024-39478
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=...
----------------------------------------------------------------------
RSA text data uses variable length buffer allocated in software stack. Calling kfree on it causes undefined behaviour in subsequent operations.
Cc: stable@vger.kernel.org #6.7+ Signed-off-by: Jia Jie Ho jiajie.ho@starfivetech.com Signed-off-by: Herbert Xu herbert@gondor.apana.org.au Signed-off-by: Chen Ridong chenridong@huawei.com --- drivers/crypto/starfive/jh7110-rsa.c | 1 - 1 file changed, 1 deletion(-)
diff --git a/drivers/crypto/starfive/jh7110-rsa.c b/drivers/crypto/starfive/jh7110-rsa.c index f31bbd825f88..fb1a99072dcf 100644 --- a/drivers/crypto/starfive/jh7110-rsa.c +++ b/drivers/crypto/starfive/jh7110-rsa.c @@ -299,7 +299,6 @@ static int starfive_rsa_enc_core(struct starfive_cryp_ctx *ctx, int enc)
err_rsa_crypt: writel(STARFIVE_RSA_RESET, cryp->base + STARFIVE_PKA_CACR_OFFSET); - kfree(rctx->rsa_data); return ret; }
反馈: 您发送到kernel@openeuler.org的补丁/补丁集,已成功转换为PR! PR链接地址: https://gitee.com/openeuler/kernel/pulls/9878 邮件列表地址:https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/B...
FeedBack: The patch(es) which you have sent to kernel@openeuler.org mailing list has been converted to a pull request successfully! Pull request link: https://gitee.com/openeuler/kernel/pulls/9878 Mailing list address: https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/B...
-
Chen Ridong -
patchwork bot