Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
In the Linux kernel, the following vulnerability has been resolved:net: hns3: fixed hclge_fetch_pf_reg accesses bar space out of bounds issueThe TQP BAR space is divided into two segments. TQPs 0-1023 and TQPs1024-1279 are in different BAR space addresses. However,hclge_fetch_pf_reg does not distinguish the tqp space information whenreading the tqp space information. When the number of TQPs is greaterthan 1024, access bar space overwriting occurs.The problem of different segments has been considered during theinitialization of tqp.io_base. Therefore, tqp.io_base is directly usedwhen the queue is read in hclge_fetch_pf_reg.The error message:Unable to handle kernel paging request at virtual address ffff800037200000pc : hclge_fetch_pf_reg+0x138/0x250 [hclge]lr : hclge_get_regs+0x84/0x1d0 [hclge]Call trace: hclge_fetch_pf_reg+0x138/0x250 [hclge] hclge_get_regs+0x84/0x1d0 [hclge] hns3_get_regs+0x2c/0x50 [hns3] ethtool_get_regs+0xf4/0x270 dev_ethtool+0x674/0x8a0 dev_ioctl+0x270/0x36c sock_do_ioctl+0x110/0x2a0 sock_ioctl+0x2ac/0x530 __arm64_sys_ioctl+0xa8/0x100 invoke_syscall+0x4c/0x124 el0_svc_common.constprop.0+0x140/0x15c do_el0_svc+0x30/0xd0 el0_svc+0x1c/0x2c el0_sync_handler+0xb0/0xb4 el0_sync+0x168/0x180
No PoCs from references.
- https://github.com/brel-ge/kcfg-vex
- https://github.com/fkie-cad/nvd-json-data-feeds
- https://github.com/oogasawa/Utility-security