Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4dd10903 authored Feb 20, 2025 by Vikash Garodia Committed by Greg Kroah-Hartman May 02, 2025

media: venus: hfi: add a check to handle OOB in sfr region



commit f4b211714bcc70effa60c34d9fa613d182e3ef1e upstream.

sfr->buf_size is in shared memory and can be modified by malicious user.
OOB write is possible when the size is made higher than actual sfr data
buffer. Cap the size to allocated size for such cases.

Cc: stable@vger.kernel.org
Fixes: d96d3f30 ("[media] media: venus: hfi: add Venus HFI files")
Reviewed-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Signed-off-by: Vikash Garodia <quic_vgarodia@quicinc.com>
Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

parent 68b37e31

Show whitespace changes

Inline Side-by-side

Sahil Sonar 💬 @sahilsonar
mentioned in commit a095a274
· Aug 02, 2025

mentioned in commit a095a274

mentioned in commit a095a2749dd50541f58e8a1caae1b599ec119469

Toggle commit list
Sahil Sonar 💬 @sahilsonar
mentioned in commit a095a274
· Aug 02, 2025

mentioned in commit a095a274

mentioned in commit a095a2749dd50541f58e8a1caae1b599ec119469

Toggle commit list

Please register or to comment