of: fdt: fix off-by-one error in unflatten_dt_nodes()

Steve Best requested to merge sfbest/centos-stream-9:35465 into main

JIRA: https://issues.redhat.com/browse/RHEL-35465
CVE: CVE-2022-48672

https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=61172807
Tested: Did sanity boot testing using nvidia-jetson-agx-orin-11 system.

commit 2f945a792f67815abca26fa8a5e863ccf3fa1181
Author: Sergey Shtylyov <s.shtylyov@omp.ru>
Date: Sat Aug 13 23:34:16 2022 +0300

of: fdt: fix off-by-one error in unflatten_dt_nodes()  

Commit 78c44d910d3e ("drivers/of: Fix depth when unflattening devicetree")  
forgot to fix up the depth check in the loop body in unflatten_dt_nodes()  
which makes it possible to overflow the nps[] buffer...  

Found by Linux Verification Center (linuxtesting.org) with the SVACE static  
analysis tool.  

Fixes: 78c44d910d3e ("drivers/of: Fix depth when unflattening devicetree")  
Signed-off-by: Sergey Shtylyov <s.shtylyov@omp.ru>  
Signed-off-by: Rob Herring <robh@kernel.org>  
Link: https://lore.kernel.org/r/7c354554-006f-6b31-c195-cdfe4caee392@omp.ru  

Signed-off-by: Steve Best <sbest@redhat.com>
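
An added example, not code from this merge request or from the kernel tree: a simplified C model of the depth check the commit message describes, comparing the check before and after the fix. It assumes the loop body stores into slot `depth + 1` of a fixed-size array; `MAX_DEPTH`, `skip_before_fix`, `skip_after_fix` and `out_of_bounds_writes` are hypothetical names, and the limit of 8 is a constructed value.

```c
#include <stdbool.h>
#include <stdio.h>

#define MAX_DEPTH 8 /* constructed stand-in for the real depth limit */

typedef bool (*skip_fn)(int depth);

/* Check as left by the earlier commit: still admits depth == MAX_DEPTH - 1. */
static bool skip_before_fix(int depth) { return depth >= MAX_DEPTH; }

/* Corrected check: the body touches slot depth + 1, so stop one level sooner. */
static bool skip_after_fix(int depth) { return depth >= MAX_DEPTH - 1; }

/*
 * Model of the loop over a chain of nodes nested `deepest` levels deep.
 * Assumption: each accepted node stores a pointer in slot depth + 1.
 * Returns how many stores landed outside the MAX_DEPTH valid slots.
 */
static int out_of_bounds_writes(skip_fn skip, int deepest)
{
    /* Oversized backing store so the model records the overflow safely. */
    int backing[2 * MAX_DEPTH] = {0};
    int oob = 0;

    for (int depth = 0; depth <= deepest && depth + 1 < 2 * MAX_DEPTH; depth++) {
        if (skip(depth))
            continue;           /* node too deep: skipped */
        backing[depth + 1] = 1; /* child slot, one level below the parent */
    }
    /* Slots MAX_DEPTH and above would lie past the end of the real array. */
    for (int i = MAX_DEPTH; i < 2 * MAX_DEPTH; i++)
        oob += backing[i];
    return oob;
}

int main(void)
{
    int deepest = MAX_DEPTH + 2; /* constructed input: tree nested past the limit */

    printf("before fix: %d out-of-bounds store(s)\n",
           out_of_bounds_writes(skip_before_fix, deepest));
    printf("after fix:  %d out-of-bounds store(s)\n",
           out_of_bounds_writes(skip_after_fix, deepest));
    return 0;
}
```
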