[Bug 2067429] [NEW] Address out-of-bounds issue when using TPM SPI interface

Brad Figg Tue, 28 May 2024 15:05:31 -0700

Public bug reported:

    The TPM SPI transfer mechanism uses MAX_SPI_FRAMESIZE for computing the
    maximum transfer length and the size of the transfer buffer. As such, it
    does not account for the 4 bytes of header that prepends the SPI data
    frame. This can result in out-of-bounds accesses and was confirmed with
    KASAN.


    Introduce SPI_HDRSIZE to account for the header and use to allocate the
    transfer buffer.

** Affects: linux-nvidia (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2067429

Title:
  Address out-of-bounds issue when using TPM SPI interface

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-nvidia/+bug/2067429/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2067429] [NEW] Address out-of-bounds issue when using TPM SPI interface

Reply via email to