linux-stable

History

Minsuk Kang 755019e378 nfc: pn533: Clear nfc_target before being used [ Upstream commit `9f28157778` ] Fix a slab-out-of-bounds read that occurs in nla_put() called from nfc_genl_send_target() when target->sensb_res_len, which is duplicated from an nfc_target in pn533, is too large as the nfc_target is not properly initialized and retains garbage values. Clear nfc_targets with memset() before they are used. Found by a modified version of syzkaller. BUG: KASAN: slab-out-of-bounds in nla_put Call Trace: memcpy nla_put nfc_genl_dump_targets genl_lock_dumpit netlink_dump __netlink_dump_start genl_family_rcv_msg_dumpit genl_rcv_msg netlink_rcv_skb genl_rcv netlink_unicast netlink_sendmsg sock_sendmsg ____sys_sendmsg ___sys_sendmsg __sys_sendmsg do_syscall_64 Fixes: `673088fb42` ("NFC: pn533: Send ATR_REQ directly for active device detection") Fixes: `361f3cb7f9` ("NFC: DEP link hook implementation for pn533") Signed-off-by: Minsuk Kang <linuxlovemin@yonsei.ac.kr> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org> Link: https://lore.kernel.org/r/20221214015139.119673-1-linuxlovemin@yonsei.ac.kr Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org>		2022-12-31 13:26:37 +01:00
..
fdp	nfc: fdp: Fix potential memory leak in fdp_nci_send()	2022-11-10 18:17:16 +01:00
microread	…
nfcmrvl	nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send()	2022-11-10 18:17:17 +01:00
nxp-nci	nfc: nxp-nci: Fix potential memory leak in nxp_nci_send()	2022-11-10 18:17:17 +01:00
pn533	nfc: pn533: Clear nfc_target before being used	2022-12-31 13:26:37 +01:00
pn544	…
s3fwrn5	nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send()	2022-11-10 18:17:17 +01:00
st-nci	nfc: st-nci: fix incorrect sizing calculations in EVT_TRANSACTION	2022-12-02 17:43:09 +01:00
st21nfca	…
st95hf	…
Kconfig	…
Makefile	…
mei_phy.c	…
mei_phy.h	…
nfcsim.c	…
port100.c	…
trf7970a.c	…
virtual_ncidev.c	…