Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
In the Linux kernel, the following vulnerability has been resolved:PCI: kirin: Fix buffer overflow in kirin_pcie_parse_port()Within kirin_pcie_parse_port(), the pcie->num_slots is compared topcie->gpio_id_reset size (MAX_PCI_SLOTS) which is correct and would leadto an overflow.Thus, fix condition to pcie->num_slots + 1 >= MAX_PCI_SLOTS and movepcie->num_slots increment below the if-statement to avoid out-of-boundsarray access.Found by Linux Verification Center (linuxtesting.org) with SVACE.[kwilczynski: commit log]
No PoCs from references.
- https://github.com/fkie-cad/nvd-json-data-feeds