Received: by 2002:a05:6359:c8b:b0:c7:702f:21d4 with SMTP id go11csp3125710rwb; Mon, 19 Sep 2022 15:37:25 -0700 (PDT) X-Google-Smtp-Source: AMsMyM4MSyDXg8Zl1yeOzzhNec9aXLAC61cfEH8hDxG22qYRnRkB9zEnsagbR1GzsviWG24mgwab X-Received: by 2002:a05:6402:8c3:b0:454:2c73:3381 with SMTP id d3-20020a05640208c300b004542c733381mr4927031edz.308.1663627045516; Mon, 19 Sep 2022 15:37:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1663627045; cv=none; d=google.com; s=arc-20160816; b=G7jzJ5Pu2GIb99m5TLnJY5vyFQT9LaNoFhj1D5bC+QQ/ZPQ5ei4QcHDHRZ6wRkUiSG HUa2pBg7of9nIB3r6qMvraetp3/X510ZfUkjiCrOsHSTo86corzi1O6G3flrI8wJK8N/ BBBy85t0RXObDLTEo0uSgSW0eUOobqvwPqKKkO2xcAX2qRIdHbau5YdVZssDEurR6dGx s9tgvHc4X9xiKqyB2nnMRl/410/DE03Cz1HqoUtsRSyrhrJsvGRSp5X0OAxolH+byN2X sZE6Ys+WFq2EBMHI5T2Ox140XRiDL92EImFybk5ZbyPW+6mwBxJcmkf8KOY4b1knmGiW NWXA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=R9zN+3kDGK4Gjv3klMGXt1ELuLxR62zts901ymkLHE8=; b=St/mHyyr4Cf1fXDm/6JDLBOAm3LfJCJe1RSQI9EJfY6uC/H2nL5myFg6PymaylC1Q/ VFfFwMTHd9aNkGNul9zLpGBQSDB1ubq/q6DLu+LKANvaL+5RscwNGRlxMnqXtJC8ScLW Sb+mVrcnDXIhlg4EAYTmRhRSHJa4CvpbDQyQ78vh+Nm2WcXOy4ci8kiXFnqWG8V6R+FK k3Y+/QStFQtob8DfiPcQ0pGv72drn5rm9vOV2g9CFHXlbcALhhQ77QJWO95zolZsuuGC yk+J/zfVkGSKcz33w5JeDMORNm2EZN/iISULFnAJ7ykdya1xfq/7ePbt3xhJCyu1kw1S k0uw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=utD7UhZB; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id h20-20020a170906111400b0078164647095si3295603eja.68.2022.09.19.15.36.58; Mon, 19 Sep 2022 15:37:25 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=utD7UhZB; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229562AbiISWYu (ORCPT + 99 others); Mon, 19 Sep 2022 18:24:50 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44580 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229888AbiISWYq (ORCPT ); Mon, 19 Sep 2022 18:24:46 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 889C526F6; Mon, 19 Sep 2022 15:24:44 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id E380761F25; Mon, 19 Sep 2022 22:24:43 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4F475C433C1; Mon, 19 Sep 2022 22:24:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1663626283; bh=WeViwtRYiEct6JdkRg0/EHBTsvanzK6bAY0e0FVZfUQ=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=utD7UhZBPjczB52yx2dxtW2yedxqPwZC5xsd0tqkBoV54V6mqBNKn0MKQGfXYFlsA v/F5gLfMu/+ypzH9OTdsMuyDzvgR/Y9GkyHpYpGevzDUy5Ru/snowxIpPwQAoN83pY rbevGieIEK1x8wnA6vxZhGGiCA5VQ8xBbjE/Mi1Up/lvLDSwGwr1hhlY7/5xUZHMII LzS493VE2b70za2AGvpZqZ9nouIGb91AIaqb6F3flNBR8oS0g5kWxR54J372uGa/I7 z28dNGPwHC/2qBSe6vaa6U1ifYW35h1+WwN1GbXZwSTUl7q2lSuH7ch0YFslkBO1fQ kjFGIK2Tbkkbg== Date: Mon, 19 Sep 2022 18:24:42 -0400 From: Sasha Levin To: Vitaly Chikunov Cc: Greg Kroah-Hartman , linux-kernel@vger.kernel.org, stable@vger.kernel.org Subject: Re: [PATCH AUTOSEL 5.15 22/41] video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write Message-ID: References: <20220628022100.595243-1-sashal@kernel.org> <20220628022100.595243-22-sashal@kernel.org> <20220919082143.g4gn5ssbzolnc57b@altlinux.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Disposition: inline In-Reply-To: <20220919082143.g4gn5ssbzolnc57b@altlinux.org> X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Sep 19, 2022 at 11:21:43AM +0300, Vitaly Chikunov wrote: >On Mon, Jun 27, 2022 at 10:20:41PM -0400, Sasha Levin wrote: >> From: Hyunwoo Kim >> >> [ Upstream commit a09d2d00af53b43c6f11e6ab3cb58443c2cac8a7 ] >> >> In pxa3xx_gcu_write, a count parameter of type size_t is passed to words of >> type int. Then, copy_from_user() may cause a heap overflow because it is used >> as the third argument of copy_from_user(). > >Why this commit is still not in the stable branches? Mostly because it's not tagged for stable. But really, looks like I've missed a batch a few months ago, I can push it for the next release cycle. >Isn't this is the fix for CVE-2022-39842[1]? How the heck did this thing get a CVE? -- Thanks, Sasha