-
由 Ross Lagerwall 提交于
mainline inclusion from mainline-5.0 commit 1c0d9b1c31d1 category: bugfix bugzilla: 11629 CVE: NA ------------------------------------------------- Check that the length recorded in the generic error status block is within the region before checking the contents of the region itself. Otherwise it may result in an out-of-bounds access if the system firmware has generated a status block with an invalid length (larger than the mapped region). Also move the block_status check so that it only happens after the block has been verified to be within the mapped region. Signed-off-by: NRoss Lagerwall <ross.lagerwall@citrix.com> Acked-by: NBorislav Petkov <bp@suse.de> Tested-by: NTyler Baicar <baicar.tyler@gmail.com> Signed-off-by: NRafael J. Wysocki <rafael.j.wysocki@intel.com> Signed-off-by: NXiongfeng Wang <wangxiongfeng2@huawei.com> Reviewed-by: NYao Hongbo <yaohongbo@huawei.com> Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>
5104405b