shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-06-06 10:58:48 +09:00
Code Issues Packages Projects Releases Wiki Activity
1,235,222 Commits 55 Branches 2,486 Tags
6bd2569d0b2f918e9581f744df0263caf73ee76c
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Qasim Ijaz 6bd2569d0b net: ch9200: fix uninitialised access during mii_nway_restart 
commit 9ad0452c0277b816a435433cca601304cfac7c21 upstream.

In mii_nway_restart() the code attempts to call
mii->mdio_read which is ch9200_mdio_read(). ch9200_mdio_read()
utilises a local buffer called "buff", which is initialised
with control_read(). However "buff" is conditionally
initialised inside control_read():

        if (err == size) {
                memcpy(data, buf, size);
        }

If the condition of "err == size" is not met, then
"buff" remains uninitialised. Once this happens the
uninitialised "buff" is accessed and returned during
ch9200_mdio_read():

        return (buff[0] | buff[1] << 8);

The problem stems from the fact that ch9200_mdio_read()
ignores the return value of control_read(), leading to
uinit-access of "buff".

To fix this we should check the return value of
control_read() and return early on error.

Reported-by: syzbot <syzbot+3361c2d6f78a3e0892f9@syzkaller.appspotmail.com>
Closes: https://syzkaller.appspot.com/bug?extid=3361c2d6f78a3e0892f9
Tested-by: syzbot <syzbot+3361c2d6f78a3e0892f9@syzkaller.appspotmail.com>
Fixes: 4a476bd6d1 ("usbnet: New driver for QinHeng CH9200 devices")
Cc: stable@vger.kernel.org
Signed-off-by: Qasim Ijaz <qasdev00@gmail.com>
Link: https://patch.msgid.link/20250526183607.66527-1-qasdev00@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-06-27 11:08:50 +01:00
arch
KVM: VMX: Flush shadow VMCS on emergency reboot
2025-06-27 11:08:49 +01:00
block
scsi: sd_zbc: block: Respect bio vector limits for REPORT ZONES buffer
2025-05-22 14:12:22 +02:00
certs
sign-file,extract-cert: use pkcs11 provider for OPENSSL MAJOR >= 3
2025-04-25 10:45:58 +02:00
crypto
crypto: xts - Only add ecb if it is not already there
2025-06-19 15:28:03 +02:00
Documentation
regulator: dt-bindings: mt6357: Drop fixed compatible requirement
2025-06-19 15:28:46 +02:00
drivers
net: ch9200: fix uninitialised access during mii_nway_restart
2025-06-27 11:08:50 +01:00
fs
f2fs: fix to do sanity check on sit_bitmap_size
2025-06-27 11:08:48 +01:00
include
io_uring: add io_file_can_poll() helper
2025-06-19 15:28:44 +02:00
init
sched/isolation: Make CONFIG_CPU_ISOLATION depend on CONFIG_SMP
2025-05-02 07:50:57 +02:00
io_uring
io_uring/kbuf: account ring io_buffer_list memory
2025-06-27 11:08:43 +01:00
ipc
ipc: fix to protect IPCS lookups using RCU
2025-06-27 11:08:49 +01:00
kernel
ftrace: Fix UAF when lookup kallsym after ftrace disabled
2025-06-27 11:08:49 +01:00
lib
kunit: Fix wrong parameter to kunit_deactivate_static_stub()
2025-06-19 15:28:04 +02:00
LICENSES
LICENSES: Add the copyleft-next-0.3.1 license
2022-11-08 15:44:01 +01:00
mm
mm: fix ratelimit_pages update error in dirty_ratio_handler()
2025-06-27 11:08:49 +01:00
net
net/sched: fix use-after-free in taprio_dev_notifier
2025-06-27 11:08:48 +01:00
rust
rust: lockdep: Remove support for dynamically allocated LockClassKeys
2025-03-22 12:50:50 -07:00
samples
samples/bpf: Fix compilation failure for samples/bpf on LoongArch Fedora
2025-06-04 14:41:53 +02:00
scripts
kbuild: Disable -Wdefault-const-init-unsafe
2025-06-19 15:28:45 +02:00
security
smack: Revert "smackfs: Added check catlen"
2025-06-04 14:42:09 +02:00
sound
ASoC: meson: meson-card-utils: use of_property_present() for DT parsing
2025-06-27 11:08:43 +01:00
tools
tools/resolve_btfids: Fix build when cross compiling kernel with clang.
2025-06-19 15:28:44 +02:00
usr
kbuild: hdrcheck: fix cross build with clang
2025-03-13 12:58:38 +01:00
virt
KVM: Use dedicated mutex to protect kvm_usage_count to avoid deadlock
2024-10-04 16:29:47 +02:00
.clang-format
iommu: Add for_each_group_device()
2023-05-23 08:15:51 +02:00
.cocciconfig
.get_maintainer.ignore
get_maintainer: add Alan to .get_maintainer.ignore
2022-08-20 15:17:44 -07:00
.gitattributes
.gitattributes: set diff driver for Rust source code files
2023-05-31 17:48:25 +02:00
.gitignore
Remove *.orig pattern from .gitignore
2024-10-04 16:29:44 +02:00
.mailmap
Merge tag 'mm-hotfixes-stable-2023-10-24-09-40' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2023-10-24 09:52:16 -10:00
.rustfmt.toml
rust: add .rustfmt.toml
2022-09-28 09:02:20 +02:00
COPYING
CREDITS
USB: Remove Wireless USB and UWB documentation
2023-08-09 14:17:32 +02:00
Kbuild
Merge tag 'kbuild-v6.1' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
2022-10-10 12:00:45 -07:00
Kconfig
MAINTAINERS
sign-file,extract-cert: move common SSL helper functions to a header
2025-04-25 10:45:57 +02:00
Makefile
Linux 6.6.94
2025-06-19 15:28:47 +02:00
README

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.
Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
Readme 7.9 GiB
Languages
C 97.7%
Assembly 1.6%
Makefile 0.3%
Perl 0.1%