i2c: dev: copy userspace array safely (!4296) · Merge requests · Red Hat / centos-stream / src / kernel / centos-stream-9

Steve Best requested to merge sfbest/centos-stream-9:38295 into main May 22, 2024

JIRA: https://issues.redhat.com/browse/RHEL-38295
CVE: CVE-2023-52758

Build Info: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=61411505

Tested: Did sanity i2c testing Intel (intel-arrowlake-s-02) system.

commit cc9c54232f04aef3a5d7f64a0ece7df00f1aaa3d
Author: Philipp Stanner pstanner@redhat.com
Date: Thu Nov 2 20:26:13 2023 +0100

i2c: dev: copy userspace array safely  

i2c-dev.c utilizes memdup_user() to copy a userspace array. This is done  
without an overflow check.  

Use the new wrapper memdup_array_user() to copy the array more safely.  

Suggested-by: Dave Airlie <airlied@redhat.com>  
Signed-off-by: Philipp Stanner <pstanner@redhat.com>  
Signed-off-by: Wolfram Sang <wsa@kernel.org>

Signed-off-by: Steve Best sbest@redhat.com

i2c: dev: copy userspace array safely

Merge request reports