| commit | 251d4a8789b175c70dd0bc30d661571ca4535092 | [log] [tgz] |
|---|---|---|
| author | Kees Cook <kees@kernel.org> | Mon Aug 04 08:40:27 2025 -0700 |
| committer | Kevin Berry <kpberry@google.com> | Fri Sep 05 16:27:13 2025 -0700 |
| tree | 6f6afc41889d10606c9d70ac4378bf563ac52c1c | |
| parent | 349adb10644be95ea6fb0655ecd045ebe57b91c1 [diff] |
iommu/amd: Avoid stack buffer overflow from kernel cmdline [ Upstream commit 8503d0fcb1086a7cfe26df67ca4bd9bd9e99bdec ] While the kernel command line is considered trusted in most environments, avoid writing 1 byte past the end of "acpiid" if the "str" argument is maximum length. BUG=b/441465912 TEST=presubmit RELEASE_NOTE=Fixed CVE-2025-38676 in the Linux kernel. cos-patch: security-moderate Reported-by: Simcha Kosman <simcha.kosman@cyberark.com> Closes: https://lore.kernel.org/all/AS8P193MB2271C4B24BCEDA31830F37AE84A52@AS8P193MB2271.EURP193.PROD.OUTLOOK.COM Fixes: b6b26d86c61c ("iommu/amd: Add a length limitation for the ivrs_acpihid command-line parameter") Change-Id: I2ee31c6ef89e19377584cfa1adffab64f1cdd57b Signed-off-by: Kees Cook <kees@kernel.org> Reviewed-by: Ankit Soni <Ankit.Soni@amd.com> Link: https://lore.kernel.org/r/20250804154023.work.970-kees@kernel.org Signed-off-by: Joerg Roedel <joerg.roedel@amd.com> Signed-off-by: Sasha Levin <sashal@kernel.org> Signed-off-by: Kevin Berry <kpberry@google.com> Reviewed-on: https://cos-review.googlesource.com/c/third_party/kernel/+/110664 Tested-by: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com> Reviewed-by: Miri Amarilio <mirilio@google.com> Reviewed-by: Shuo Yang <gshuoy@google.com>