packages/arm-trusted-firmware
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
arm-trusted-firmware/CVE-2024-6563.patch

34 lines
1.0 KiB
Diff
Raw Normal View History

Fix CVE-2024-6563 CVE-2024-6564 (cherry picked from commit 78cabd9a8c227da674bc66dab64d98590896db69)
2024-07-02 23:33:56 +08:00
From: Yoshifumi Hosoya <yoshifumi.hosoya.wj@renesas.com>
Date: Sun, 23 Apr 2023 21:37:42 +0900
Subject: [PATCH] rcar-gen3: plat: BL2: Enhanced buffer protection
If the parameter check is an error, the function is terminated immediately.
Reviewed-by: Ilay Levi <Ilay.levi@cymotive.com>
Signed-off-by: Yoshifumi Hosoya <yoshifumi.hosoya.wj@renesas.com>
---
drivers/renesas/rcar/io/io_rcar.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/renesas/rcar/io/io_rcar.c b/drivers/renesas/rcar/io/io_rcar.c
index b82c510..884d9b1 100644
--- a/drivers/renesas/rcar/io/io_rcar.c
+++ b/drivers/renesas/rcar/io/io_rcar.c
@@ -275,11 +275,13 @@ static int32_t check_load_area(uintptr_t dst, uintptr_t len)
if (dst >= prot_start && dst < prot_end) {
ERROR("BL2: dst address is on the protected area.\n");
result = IO_FAIL;
+ goto done;
}
if (dst < prot_start && dst > prot_start - len) {
ERROR("BL2: loaded data is on the protected area.\n");
result = IO_FAIL;
+ goto done;
}
done:
if (result == IO_FAIL)
--
2.33.0
Reference in New Issue Copy Permalink