| commit | 3ede31daf134b398baf2cc20e2e1e5e955d022ec | [log] [tgz] |
|---|---|---|
| author | Kees Cook <kees@kernel.org> | Mon Aug 04 08:40:27 2025 -0700 |
| committer | Kevin Berry <kpberry@google.com> | Fri Sep 05 16:26:47 2025 -0700 |
| tree | dced339fc86e71923ba1ba494a3248aa7e34a19d | |
| parent | eb4b9a190d03ad9687c666e8d54b8cd6bfac4f6b [diff] |
iommu/amd: Avoid stack buffer overflow from kernel cmdline [ Upstream commit 8503d0fcb1086a7cfe26df67ca4bd9bd9e99bdec ] While the kernel command line is considered trusted in most environments, avoid writing 1 byte past the end of "acpiid" if the "str" argument is maximum length. BUG=b/441465181 TEST=presubmit RELEASE_NOTE=Fixed CVE-2025-38676 in the Linux kernel. cos-patch: security-moderate Reported-by: Simcha Kosman <simcha.kosman@cyberark.com> Closes: https://lore.kernel.org/all/AS8P193MB2271C4B24BCEDA31830F37AE84A52@AS8P193MB2271.EURP193.PROD.OUTLOOK.COM Fixes: b6b26d86c61c ("iommu/amd: Add a length limitation for the ivrs_acpihid command-line parameter") Change-Id: I6a550358cfee04c044cf8de4f24588f44fc98d33 Signed-off-by: Kees Cook <kees@kernel.org> Reviewed-by: Ankit Soni <Ankit.Soni@amd.com> Link: https://lore.kernel.org/r/20250804154023.work.970-kees@kernel.org Signed-off-by: Joerg Roedel <joerg.roedel@amd.com> Signed-off-by: Sasha Levin <sashal@kernel.org> Signed-off-by: Kevin Berry <kpberry@google.com> Reviewed-on: https://cos-review.googlesource.com/c/third_party/kernel/+/110681 Tested-by: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com> Reviewed-by: Shuo Yang <gshuoy@google.com> Reviewed-by: Miri Amarilio <mirilio@google.com>