"value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: qrtr: fix OOB Read in qrtr_endpoint_post\n\nSyzbot reported slab-out-of-bounds Read in\nqrtr_endpoint_post. The problem was in wrong\n_size_ type:\n\n\tif (len != ALIGN(size, 4) + hdrlen)\n\t\tgoto err;\n\nIf size from qrtr_hdr is 4294967293 (0xfffffffd), the result of\nALIGN(size, 4) will be 0. In case of len == hdrlen and size == 4294967293\nin header this check won't fail and\n\n\tskb_put_data(skb, data + hdrlen, size);\n\nwill read out of bound from data, which is hdrlen allocated block."
"value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: qrtr: arreglar OOB Lectura en qrtr_endpoint_post. Syzbot report\u00f3 slab-out-of-bounds Lectura en qrtr_endpoint_post. El problema estaba en el tipo de _tama\u00f1o_ incorrecto: if (len != ALIGN(size, 4) + hdrlen) goto err; Si el tama\u00f1o de qrtr_hdr es 4294967293 (0xfffffffd), el resultado de ALIGN(size, 4) ser\u00e1 0. En caso de len == hdrlen y size == 4294967293 en el encabezado, esta verificaci\u00f3n no fallar\u00e1 y skb_put_data(skb, data + hdrlen, tama\u00f1o); leer\u00e1 fuera de los l\u00edmites de los datos, que son bloques asignados hdrlen."
