Draft: CVE-2024-38579: crypto: bcm - Fix pointer arithmetic

JIRA: https://issues.redhat.com/browse/RHEL-44114
CVE: CVE-2024-38579

crypto: bcm - Fix pointer arithmetic

In spu2_dump_omd() value of ptr is increased by ciph_key_len
instead of hash_iv_len which could lead to going beyond the
buffer boundaries.
Fix this bug by changing ciph_key_len to hash_iv_len.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: 9d12ba86f818 ("crypto: brcm - Add Broadcom SPU driver")
Signed-off-by: Aleksandr Mishin <amishin@t-argos.ru>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit 2b3460cbf454c6b03d7429e9ffc4fe09322eb1a9)

Signed-off-by: cki-backport-bot <cki-ci-bot+cki-gitlab-backport-bot@redhat.com>
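
The defect class described in the commit message, as an added example that is not part of the merge request or the driver's code: a simplified model of a cursor walking four back-to-back variable-length fields. The struct, function names, field order and sample lengths are constructed for illustration; only `ciph_key_len` and `hash_iv_len` are names taken from the commit message.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model: four variable-length fields stored back to back.
 * Field order and all names except ciph_key_len / hash_iv_len are
 * assumptions for illustration, not taken from the driver. */
struct omd_lens {
	size_t hash_key_len, ciph_key_len, hash_iv_len, ciph_iv_len;
};

/* Offset one past the last byte the walker reads.
 * buggy != 0 reproduces the defect: after the hash IV the cursor is
 * advanced by ciph_key_len instead of hash_iv_len. */
static size_t walk_end(const struct omd_lens *l, int buggy)
{
	size_t off = 0;

	off += l->hash_key_len;
	off += l->ciph_key_len;
	if (l->hash_iv_len)	/* model assumption: absent field, no advance */
		off += buggy ? l->ciph_key_len : l->hash_iv_len;
	off += l->ciph_iv_len;	/* last field read is [off - ciph_iv_len, off) */
	return off;
}

/* Bytes read past the end of a buffer sized exactly for the four fields. */
static size_t overread(const struct omd_lens *l, int buggy)
{
	size_t total = l->hash_key_len + l->ciph_key_len +
		       l->hash_iv_len + l->ciph_iv_len;
	size_t end = walk_end(l, buggy);

	return end > total ? end - total : 0;
}

int main(void)
{
	/* Constructed lengths: no hash key, 32-byte cipher key, 16-byte IVs. */
	struct omd_lens l = { 0, 32, 16, 16 };

	printf("fixed: end=%zu overread=%zu\n", walk_end(&l, 0), overread(&l, 0));
	printf("buggy: end=%zu overread=%zu\n", walk_end(&l, 1), overread(&l, 1));
	return 0;
}
```

With these constructed lengths the buggy walk ends 16 bytes past the buffer; when `ciph_key_len` is smaller than `hash_iv_len` the read stays in bounds but the last field is taken from the wrong offset.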