| Message ID | tencent_BD16D2DE705D6E27FC5B93ECDEEF9A7B5009@qq.com |
|---|---|
| State | New |
| Headers | show |
| Series | scsi: fix out of bounds error in /drivers/scsi | expand |
diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c index 3f6e87705b62..eeaa6af294b8 100644 --- a/drivers/scsi/sd.c +++ b/drivers/scsi/sd.c @@ -3384,7 +3384,7 @@ static void sd_read_block_limits_ext(struct scsi_disk *sdkp) rcu_read_lock(); vpd = rcu_dereference(sdkp->device->vpd_pgb7); - if (vpd && vpd->len >= 2) + if (vpd && vpd->len >= 6) sdkp->rscs = vpd->data[5] & 1; rcu_read_unlock(); }
Out-of-bounds vulnerability found in ./drivers/scsi/sd.c, sd_read_block_limits_ext Function Due to Unreasonable boundary checks. Out-of-bounds read vulnerability exists in the Linux kernel's SCSI disk driver (./drivers/scsi/sd.c). The flaw occurs in the sd_read_block_limits_ext function when processing Vital Product Data (VPD) page B7 (Block Limits Extension) responses from storage devices Signed-off-by: jackysliu <1972843537@qq.com> --- drivers/scsi/sd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)