src - FreeBSD source tree

diff options

author	Chuck Tuffli <chuck@FreeBSD.org>	2024-09-19 15:11:30 +0000
committer	Chuck Tuffli <chuck@FreeBSD.org>	2024-10-06 13:50:28 +0000
commit	b0a24be007d83f7929de5b3fc320a29e6868067d (patch)
tree	0bd225fcf2085ef60a1823da0c683db13438764b /crypto/kerberosIV/man/(developers-only)
parent	7d893fce0d1126959733efec7105b56d0de7a3cb (diff)
download	src-main.tar.gz src-main.zip

bhyve/nvme: Fix out-of-bounds read in NVMe log pageHEAD main

The function nvme_opc_get_log_page in the file usr.sbin/bhyve/pci_nvme.c is vulnerable to buffer over-read. The value logoff is user controlled but never checked against the value of logsize. Thus the difference: logsize - logoff can underflow. Due to the sc structure layout, an attacker can dump internals fields of sc and the content of next heap allocation. Reported by: Synacktiv Reviewed by: emaste, jhb Security: HYP-07 Sponsored by: Alpha-Omega Project, The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D46021

Diffstat (limited to 'crypto/kerberosIV/man/(developers-only)')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: