| commit | 7415e491350efbbbae38329dd16ecd79204ebe04 | [log] [tgz] |
|---|---|---|
| author | Kees Cook <kees@kernel.org> | Mon Aug 04 08:40:27 2025 -0700 |
| committer | Kevin Berry <kpberry@google.com> | Fri Sep 05 15:35:07 2025 -0700 |
| tree | 76b1fa75cf5f600604f1302d6c7cef106624d293 | |
| parent | 628bf4c0c4ef07eb4b784594341f6a46025c4a7b [diff] |
iommu/amd: Avoid stack buffer overflow from kernel cmdline [ Upstream commit 8503d0fcb1086a7cfe26df67ca4bd9bd9e99bdec ] While the kernel command line is considered trusted in most environments, avoid writing 1 byte past the end of "acpiid" if the "str" argument is maximum length. BUG=b/441465778 TEST=presubmit RELEASE_NOTE=Fixed CVE-2025-38676 in the Linux kernel. cos-patch: security-moderate Reported-by: Simcha Kosman <simcha.kosman@cyberark.com> Closes: https://lore.kernel.org/all/AS8P193MB2271C4B24BCEDA31830F37AE84A52@AS8P193MB2271.EURP193.PROD.OUTLOOK.COM Fixes: b6b26d86c61c ("iommu/amd: Add a length limitation for the ivrs_acpihid command-line parameter") Change-Id: I2b181b13cac1e83b30b8a6834907f8b5e89bb44e Signed-off-by: Kees Cook <kees@kernel.org> Reviewed-by: Ankit Soni <Ankit.Soni@amd.com> Link: https://lore.kernel.org/r/20250804154023.work.970-kees@kernel.org Signed-off-by: Joerg Roedel <joerg.roedel@amd.com> Signed-off-by: Sasha Levin <sashal@kernel.org> Signed-off-by: Kevin Berry <kpberry@google.com> Reviewed-on: https://cos-review.googlesource.com/c/third_party/kernel/+/110662 Reviewed-by: Miri Amarilio <mirilio@google.com> Reviewed-by: Shuo Yang <gshuoy@google.com> Tested-by: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com>