Fwd: [PATCH] Size can be any value and is user controlled resulting in overwriting the 40 byte array wr_buf with an arbitrary length of data from buf.

Alex Deucher alexdeucher at gmail.com
Tue Oct 12 20:56:24 UTC 2021 

On Tue, Oct 12, 2021 at 4:45 PM T. Williams <tdwilliamsiv at gmail.com> wrote:
>
> Should I resubmit the patch email with correct formatting? MITRE assigned this bug as CVE-2021-42327. Does AMD/kernel do public vulnerability reports? Do I need to email someone else or something(sorry for dumb questions this is my first time doing this and I don't know what to do)?
> I am trying to do step 11 from here: https://cve.mitre.org/cve/researcher_reservation_guidelines.

Just resend the fixed up patch using git-send-email and we'll apply it.

Alex

>
> On Tue, Oct 12, 2021 at 3:18 AM Christian König <ckoenig.leichtzumerken at gmail.com> wrote:
>>
>> Am 11.10.21 um 22:24 schrieb T. Williams:
>>
>>
>>
>> ---------- Forwarded message ---------
>> From: docfate111 <tdwilliamsiv at gmail.com>
>> Date: Mon, Oct 11, 2021 at 4:22 PM
>> Subject: [PATCH] Size can be any value and is user controlled resulting in overwriting the 40 byte array wr_buf with an arbitrary length of data from buf.
>> To: <dri-devel at lists.freedesktop.org>
>> Cc: <harry.wentland at amd.com>, <sunpeng.li at amd.com>
>>
>>
>> Signed-off-by: docfate111 <tdwilliamsiv at gmail.com>
>>
>>
>> While the find might be correct there are a couple of style problems with the patch.
>>
>> First of all the subject line must be shorter and should be something like "drm/amdgpu: fix out of bounds write".
>>
>> The detailed description of the bug then comes into the commit message.
>>
>> And finally please use your real name for the Signed-off-by line.
>>
>> Apart from that good catch,
>> Christian.
>>
>> ---
>>  drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c
>> index 87daa78a32b8..17f2756a64dc 100644
>> --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c
>> +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c
>> @@ -263,7 +263,7 @@ static ssize_t dp_link_settings_write(struct file *f, const char __user *buf,
>>         if (!wr_buf)
>>                 return -ENOSPC;
>>
>> -       if (parse_write_buffer_into_params(wr_buf, size,
>> +       if (parse_write_buffer_into_params(wr_buf, wr_buf_size,
>>                                            (long *)param, buf,
>>                                            max_param_num,
>>                                            &param_nums)) {
>> --
>> 2.25.1
>>
>>
>>
>> --
>> Thank you for your time,
>> Thelford Williams
>>
>>
>
>
> --
> Thank you for your time,
> Thelford Williams

More information about the amd-gfx mailing list