Re: ST ST95HF DRIVER security bug
From: Krzysztof Kozlowski
Date: Wed Aug 24 2022 - 12:21:53 EST
On 24/08/2022 18:12, מיכאל שטראוס wrote:
>>
>> Please use scripts/get_maintainers.pl to Cc relevant people. You got the
>> same comment last time as well...
>>
> Sorry my bad, i forgot we already contacted.
> I actually ran it and your name came up for some reason.
>
>> ./scripts/get_maintainer.pl drivers/nfc/st95hf/spi.c
>
> Bad divisor in main::vcs_assign: 0
>
> Krzysztof Kozlowski <krzysztof.kozlowski@xxxxxxxxxx> (maintainer:NFC
>> SUBSYSTEM)
>
> netdev@xxxxxxxxxxxxxxx (open list:NFC SUB
and other addresses... why removing them?
>
>
>
>
>> What does it mean "current source"? Please be specific which exactly
>
> kernel version is affected, which commit introduced it.
>
> *Effected version: *
> - v6.0-rc2 <https://github.com/torvalds/linux/releases/tag/v6.0-rc2> ...
> - *v4.5-rc1* <https://github.com/torvalds/linux/releases/tag/v4.5-rc1>
> *Introducing commit: *
> https://github.com/torvalds/linux/commit/cab47333f0f75b685bce1facecb73bf3632e1360
>
> Then the risk is quite low, right? SPI busses are not user hot-pluggable
>> except some development boards (so again a real niche). Basically it's
>> impact is negligible
>>
> Agreed.
>
> What does it mean "remote device"? NFC? NFC tag does not talk over SPI...
>>
> I was wondering maybe the tag is the source for the content that actually
> overflows the kernel buffer,
> In which case it changes the picture a bit.
The buffer is used for SPI transfer, so the NFC tag - except that it
works with that device - is rather long shot.
Best regards,
Krzysztof