net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() - kernel

diff options

author	Pavel Zhigulin <Pavel.Zhigulin@kaspersky.com>	2025-11-13 14:27:56 +0300
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2025-12-01 11:43:32 +0100
commit	917a9d02182ac8b4f25eb47dc02f3ec679608c24 (patch)
tree	195181a444fc4af84b99f41beecee763a27de45f /include/net/aligned_data.h
parent	d1fd9ca65a8e0e68aa40c62a9203f3d16ed41634 (diff)

net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end()

[ Upstream commit 896f1a2493b59beb2b5ccdf990503dbb16cb2256 ] The loops in 'qede_tpa_cont()' and 'qede_tpa_end()', iterate over 'cqe->len_list[]' using only a zero-length terminator as the stopping condition. If the terminator was missing or malformed, the loop could run past the end of the fixed-size array. Add an explicit bound check using ARRAY_SIZE() in both loops to prevent a potential out-of-bounds access. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: 55482edc25f0 ("qede: Add slowpath/fastpath support and enable hardware GRO") Signed-off-by: Pavel Zhigulin <Pavel.Zhigulin@kaspersky.com> Link: https://patch.msgid.link/20251113112757.4166625-1-Pavel.Zhigulin@kaspersky.com Signed-off-by: Paolo Abeni <pabeni@redhat.com> Signed-off-by: Sasha Levin <sashal@kernel.org>

Diffstat (limited to 'include/net/aligned_data.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: