[U-Boot] [PATCH v2 3/5] CVE-2019-14194/CVE-2019-14198: nfs: fix unbounded memcpy with a failed length check at nfs_read_reply //RE: [PATCH 3/5] CVE-2019-14194/CVE-2019-14198: nfs: fix unbounded memcpy with a failed length check at nfs_read_reply

Joe Hershberger joe.hershberger at ni.com
Tue Sep 3 18:29:28 UTC 2019


On Thu, Aug 29, 2019 at 8:50 AM liucheng (G) <liucheng32 at huawei.com> wrote:
>
> Changes in v2:
> - Add reported-by tag for patch 3/5
> --------------------------------------------------------------------------------------------------------------
> CVE-2019-14194/CVE-2019-14198: nfs: fix unbounded memcpy with a failed length check at nfs_read_reply
>
> This patch adds a check to rpc_pkt.u.reply.data at nfs_read_reply.
>
> Signed-off-by: Cheng Liu <liucheng32 at huawei.com>
> Reported-by: Fermín Serna <fermin at semmle.com>

Acked-by: Joe Hershberger <joe.hershberger at ni.com>


More information about the U-Boot mailing list