| Message ID | 20230202162451.15346-5-thenzl@redhat.com |
|---|---|
| State | New |
| Headers | show |
| Series | ses: prevent from out of bounds accesses | expand |
diff --git a/drivers/scsi/ses.c b/drivers/scsi/ses.c index dbfe12f63c98..7a9eb54e8808 100644 --- a/drivers/scsi/ses.c +++ b/drivers/scsi/ses.c @@ -850,7 +850,8 @@ static void ses_intf_remove_enclosure(struct scsi_device *sdev) kfree(ses_dev->page2); kfree(ses_dev); - kfree(edev->component[0].scratch); + if (edev->components) + kfree(edev->component[0].scratch); put_device(&edev->edev); enclosure_unregister(edev);
A fix for: BUG: KASAN: slab-out-of-bounds in ses_intf_remove+0x23f/0x270 [ses] Read of size 8 at addr ffff88a10d32e5d8 by task rmmod/12013 When edev->components is zero, accessing edev->component[0] members is wrong. Signed-off-by: Tomas Henzl <thenzl@redhat.com> --- drivers/scsi/ses.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)