usb: storage: sddr55: Reject out-of-bound new_pba - user/sven/linux.git

diff options

author	Tianchu Chen <flynnnchen@tencent.com>	2025-11-16 12:46:18 +0800
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2025-11-21 15:15:24 +0100
commit	b59d4fda7e7d0aff1043a7f742487cb829f5aac1 (patch)
tree	f6db7be6b5a394ecc9885a5441d66f92cdaa59d5 /scripts/lib/kdoc/kdoc_files.py
parent	2e558d86e0975fdfb048bd600e253993edc068fe (diff)

usb: storage: sddr55: Reject out-of-bound new_pba

Discovered by Atuin - Automated Vulnerability Discovery Engine. new_pba comes from the status packet returned after each write. A bogus device could report values beyond the block count derived from info->capacity, letting the driver walk off the end of pba_to_lba[] and corrupt heap memory. Reject PBAs that exceed the computed block count and fail the transfer so we avoid touching out-of-range mapping entries. Signed-off-by: Tianchu Chen <flynnnchen@tencent.com> Cc: stable <stable@kernel.org> Link: https://patch.msgid.link/B2DC73A3EE1E3A1D+202511161322001664687@tencent.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Diffstat (limited to 'scripts/lib/kdoc/kdoc_files.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: