-
由 Prasad J Pandit 提交于
While performing PowerNV memory r/w operations, the access length 'sz' could exceed the data[4] buffer size. Add check to avoid OOB access. Reported-by: NMoguofang <moguofang@huawei.com> Signed-off-by: NPrasad J Pandit <pjp@fedoraproject.org> Reviewed-by: NCédric Le Goater <clg@kaod.org> Signed-off-by: NDavid Gibson <david@gibson.dropbear.id.au> (cherry picked from commit d07945e7) *CVE-2018-18954 Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>
8d252761