Received: by 2002:a05:7208:9594:b0:7e:5202:c8b4 with SMTP id gs20csp1910275rbb; Tue, 27 Feb 2024 05:19:25 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCWo6kIw/adxSgejXcxcpZTTXR042q2LRf4o5hu+1+PoIj7rwYaMHqZjUO0PaQHNq/n5oV7GUZn7s5qrMYg1QazSUs+NlUypG+V+xse4ow== X-Google-Smtp-Source: AGHT+IFQqlELlP0Xwzwjq2hJWDZxIxuRjlXVX1/R0650peACrQDAkGJ3fjZdhbRyXDTELET7UnZn X-Received: by 2002:a17:902:dacd:b0:1dc:b320:9475 with SMTP id q13-20020a170902dacd00b001dcb3209475mr4052372plx.13.1709039964962; Tue, 27 Feb 2024 05:19:24 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1709039964; cv=pass; d=google.com; s=arc-20160816; b=ZcgDi4UL0Zhr2qMZZBaT08C/XIYuYvgZLZ5y1AAbw3/wW3c43TPD+nQb1TFQ9lXqao Z1Oc/8CP8B+hpzUMDYHCdvK7w7OmtBfxmk1FUGIjAHaBBmswOD+lRC9yJJD1x/yD5cMD LeEqx9QH7HsxAj4dpTwJTQ/ANa9SJURgVEbUkgBF/UevWTTa/1/TJ13KdAsfNvcDlOt2 AkKIG1Yet05vuo8K/Yb0uTS2Jsz5EuTDV4baZJ3TN60m7MsSnVa6WxTkVlSxHbw4TaLq qOpywFusEo/adBALHkE6zRnf2cg6Tk8wTr2fOGZP9KCAXqrhyLV7r3DfMebx260/ob+r K28w== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:date:message-id:dkim-signature :dkim-signature:dkim-signature:dkim-signature; bh=gIlOSV0TQNSPsr1l71Sd7x8euobQck9HznkmkrefATM=; fh=8JGS383weMnwXjkALviSnx+A0jcHSzqI2MbAI89cPpE=; b=tOgWEAcXO8UXUrRtsIuVMrSTP2CAxDRfHzB4WKiIOkdB0mEjp64xwJ2fuYVc5dzgXx cpx9RJ8EU/ta79tsmY7ybrZ4aJojeO0tArKqei6TU+ZZKahqFH12PUKrfBUVZqyLKkl0 DbXGagPMSWwFhc2A4xQZ4w5ykSvt9gzcEWv8ke9IdOa4u+skRW3aFRm3dNL4jLB4HdFb /LviZ+o36a1mI4+4InpEy9Hx2frcDENDRtRB9X1cHJ2yzgWkHsn+h/GudSg4UJKCAndg zy5ui7MylXwo4vngHVimwDeZYYCP1vrN5w/jBdHXPV04eF8/F5uXhe2qY5Uz8CGHotR6 IUnQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=yx6oiN+s; dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519 header.b=3w+Qj6AJ; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=yx6oiN+s; dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519; arc=pass (i=1 spf=pass spfdomain=suse.de dkim=pass dkdomain=suse.de dkim=pass dkdomain=suse.de dmarc=pass fromdomain=suse.de); spf=pass (google.com: domain of linux-kernel+bounces-83305-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-83305-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id ja5-20020a170902efc500b001dc49afc0dbsi1351390plb.519.2024.02.27.05.19.24 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 27 Feb 2024 05:19:24 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-83305-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=yx6oiN+s; dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519 header.b=3w+Qj6AJ; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=yx6oiN+s; dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519; arc=pass (i=1 spf=pass spfdomain=suse.de dkim=pass dkdomain=suse.de dkim=pass dkdomain=suse.de dmarc=pass fromdomain=suse.de); spf=pass (google.com: domain of linux-kernel+bounces-83305-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-83305-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id A766D291E74 for ; Tue, 27 Feb 2024 13:19:24 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 9F93C13B7A2; Tue, 27 Feb 2024 13:18:57 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.b="yx6oiN+s"; dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de header.b="3w+Qj6AJ"; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.b="yx6oiN+s"; dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de header.b="3w+Qj6AJ" Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.223.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3620713B2A2; Tue, 27 Feb 2024 13:18:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=195.135.223.130 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709039936; cv=none; b=BuPZUNq0U0aL94SWOjGS4P3vmeLf4leoNbKJRpFOFjx3SRq7Lnh2Xq7A7xFl+qtOHuti/EFYjpwjzH7L41C3Jhsc/FeaiP0oYGPRQ7DohMutP2vXArxZQRiYzl6nCfKw4LAliA9aFnvg19karYQiwNPAydoTKYg5gNLn0EY2H2o= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709039936; c=relaxed/simple; bh=tYd0vCp6AbOyJoSfA2zmRq/u0mLMoAJKm0UC99IduH8=; h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From: In-Reply-To:Content-Type; b=dbOkluWYBYkqqpKJi3NZm/cOlg+d2kWbzPjcQ8iycWotHZ+/MMhbQ/bp8QZ3SX7dlmrqYxt6cG1YOLcwTyYbX/OaG6jdAgU3TevzZ1yYeR/6YQ1Oa7+doA3i4Y5H4C+Itvtx8DLUufmMbGRkPVCxWMMCt08PfKRL96pvCEiGGYU= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=suse.de; spf=pass smtp.mailfrom=suse.de; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.b=yx6oiN+s; dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de header.b=3w+Qj6AJ; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.b=yx6oiN+s; dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de header.b=3w+Qj6AJ; arc=none smtp.client-ip=195.135.223.130 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=suse.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.de Received: from imap2.dmz-prg2.suse.org (imap2.dmz-prg2.suse.org [10.150.64.98]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id E9551222B1; Tue, 27 Feb 2024 13:18:52 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1709039933; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=gIlOSV0TQNSPsr1l71Sd7x8euobQck9HznkmkrefATM=; b=yx6oiN+sMijyaPYzbp0Rej2X7EhWR2PcWGeWvw0NYeO/OexSzyP3GOILQih5OrmBXhhvp8 PaV8DkIHBoyR9T45X8tdhXKgvMFTWvHnsZq0oil8JtUVV9PriFVLk5XlH/hz8cRF7D4uhb r1AYB+aUsyPOh6mbKM9nZblV8fKuNmY= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1709039933; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=gIlOSV0TQNSPsr1l71Sd7x8euobQck9HznkmkrefATM=; b=3w+Qj6AJm/UpKPmBO/3E8WUGUHQXKw4qny4WDEH6OR2otvFUUsSPS4z36zstCAZ0+Bvnyn JxAq8SEXS+lhHlCw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1709039933; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=gIlOSV0TQNSPsr1l71Sd7x8euobQck9HznkmkrefATM=; b=yx6oiN+sMijyaPYzbp0Rej2X7EhWR2PcWGeWvw0NYeO/OexSzyP3GOILQih5OrmBXhhvp8 PaV8DkIHBoyR9T45X8tdhXKgvMFTWvHnsZq0oil8JtUVV9PriFVLk5XlH/hz8cRF7D4uhb r1AYB+aUsyPOh6mbKM9nZblV8fKuNmY= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1709039933; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=gIlOSV0TQNSPsr1l71Sd7x8euobQck9HznkmkrefATM=; b=3w+Qj6AJm/UpKPmBO/3E8WUGUHQXKw4qny4WDEH6OR2otvFUUsSPS4z36zstCAZ0+Bvnyn JxAq8SEXS+lhHlCw== Received: from imap2.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap2.dmz-prg2.suse.org (Postfix) with ESMTPS id 95FB313419; Tue, 27 Feb 2024 13:18:52 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap2.dmz-prg2.suse.org with ESMTPSA id OiUAITzh3WVmagAAn2gu4w (envelope-from ); Tue, 27 Feb 2024 13:18:52 +0000 Message-ID: <084e7c38-ebce-4091-af40-42283e344ccc@suse.de> Date: Tue, 27 Feb 2024 14:18:51 +0100 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: CVE-2023-52466: PCI: Avoid potential out-of-bounds read in pci_dev_for_each_resource() Content-Language: en-US To: cve@kernel.org, linux-kernel@vger.kernel.org, linux-cve-announce@vger.kernel.org Cc: Greg Kroah-Hartman References: <2024022544-CVE-2023-52466-fea5@gregkh> From: =?UTF-8?Q?Carlos_L=C3=B3pez?= In-Reply-To: <2024022544-CVE-2023-52466-fea5@gregkh> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Authentication-Results: smtp-out1.suse.de; none X-Spam-Level: X-Spam-Score: -2.15 X-Spamd-Result: default: False [-2.15 / 50.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; XM_UA_NO_VERSION(0.01)[]; TO_DN_SOME(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; NEURAL_HAM_SHORT(-0.20)[-0.975]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; MID_RHS_MATCH_FROM(0.00)[]; BAYES_HAM(-0.87)[85.61%]; ARC_NA(0.00)[]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; DKIM_SIGNED(0.00)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519]; FUZZY_BLOCKED(0.00)[rspamd.com]; RCVD_TLS_ALL(0.00)[] X-Spam-Flag: NO Hi, On 25/2/24 9:16, Greg Kroah-Hartman wrote: > There is no actual issue right now because we have another check afterwards > and the out-of-bounds read is not being performed. In any case it's better > code with this fixed, hence the proposed change. Given that there is no actual security issue this looks more like a hardening, and thus not deserving of a CVE, no? Best, Carlos -- Carlos López Security Engineer SUSE Software Solutions