<div dir="ltr"><div>Should I resubmit the patch email with correct formatting? MITRE assigned this bug as CVE-2021-42327. Does AMD/kernel do public vulnerability reports? Do I need to email someone else or something(sorry for dumb questions this is my first time doing this and I don't know what to do)? <br></div>I am trying to do step 11 from here: <a href="https://cve.mitre.org/cve/researcher_reservation_guidelines">https://cve.mitre.org/cve/researcher_reservation_guidelines</a>.</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Oct 12, 2021 at 3:18 AM Christian König <<a href="mailto:ckoenig.leichtzumerken@gmail.com">ckoenig.leichtzumerken@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
Am 11.10.21 um 22:24 schrieb T. Williams:<br>
<blockquote type="cite">
<div dir="ltr"><br>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">---------- Forwarded message
---------<br>
From: <b class="gmail_sendername" dir="auto">docfate111</b>
<span dir="auto"><<a href="mailto:tdwilliamsiv@gmail.com" target="_blank">tdwilliamsiv@gmail.com</a>></span><br>
Date: Mon, Oct 11, 2021 at 4:22 PM<br>
Subject: [PATCH] Size can be any value and is user
controlled resulting in overwriting the 40 byte array wr_buf
with an arbitrary length of data from buf.<br>
To: <<a href="mailto:dri-devel@lists.freedesktop.org" target="_blank">dri-devel@lists.freedesktop.org</a>><br>
Cc: <<a href="mailto:harry.wentland@amd.com" target="_blank">harry.wentland@amd.com</a>>,
<<a href="mailto:sunpeng.li@amd.com" target="_blank">sunpeng.li@amd.com</a>><br>
</div>
<br>
<br>
Signed-off-by: docfate111 <<a href="mailto:tdwilliamsiv@gmail.com" target="_blank">tdwilliamsiv@gmail.com</a>><br>
</div>
</div>
</blockquote>
<br>
While the find might be correct there are a couple of style problems
with the patch.<br>
<br>
First of all the subject line must be shorter and should be
something like "drm/amdgpu: fix out of bounds write".<br>
<br>
The detailed description of the bug then comes into the commit
message.<br>
<br>
And finally please use your real name for the Signed-off-by line.<br>
<br>
Apart from that good catch,<br>
Christian.<br>
<br>
<blockquote type="cite">
<div dir="ltr">
<div class="gmail_quote">
---<br>
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | 2
+-<br>
1 file changed, 1 insertion(+), 1 deletion(-)<br>
<br>
diff --git
a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c
b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c<br>
index 87daa78a32b8..17f2756a64dc 100644<br>
---
a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c<br>
+++
b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c<br>
@@ -263,7 +263,7 @@ static ssize_t
dp_link_settings_write(struct file *f, const char __user *buf,<br>
if (!wr_buf)<br>
return -ENOSPC;<br>
<br>
- if (parse_write_buffer_into_params(wr_buf, size,<br>
+ if (parse_write_buffer_into_params(wr_buf,
wr_buf_size,<br>
(long *)param, buf,<br>
max_param_num,<br>
¶m_nums)) {<br>
-- <br>
2.25.1<br>
<br>
</div>
<br clear="all">
<br>
-- <br>
<div dir="ltr">
<div dir="ltr">
<div>Thank you for your time,<br>
</div>
Thelford Williams<br>
</div>
</div>
</div>
</blockquote>
<br>
</div>
</blockquote></div><br clear="all"><br>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div>Thank you for your time,<br></div>Thelford Williams<br></div></div>