"value":"In the Linux kernel, the following vulnerability has been resolved:\n\nacpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl\n\nFix an issue detected by syzbot with KASAN:\n\nBUG: KASAN: vmalloc-out-of-bounds in cmd_to_func drivers/acpi/nfit/\ncore.c:416 [inline]\nBUG: KASAN: vmalloc-out-of-bounds in acpi_nfit_ctl+0x20e8/0x24a0\ndrivers/acpi/nfit/core.c:459\n\nThe issue occurs in cmd_to_func when the call_pkg->nd_reserved2\narray is accessed without verifying that call_pkg points to a buffer\nthat is appropriately sized as a struct nd_cmd_pkg. This can lead\nto out-of-bounds access and undefined behavior if the buffer does not\nhave sufficient space.\n\nTo address this, a check was added in acpi_nfit_ctl() to ensure that\nbuf is not NULL and that buf_len is less than sizeof(*call_pkg)\nbefore accessing it. This ensures safe access to the members of\ncall_pkg, including the nd_reserved2 array."
"value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: acpi: nfit: vmalloc-out-of-bounds Lectura en acpi_nfit_ctl Se soluciona un problema detectado por syzbot con KASAN: ERROR: KASAN: vmalloc-out-of-bounds en cmd_to_func drivers/acpi/nfit/ core.c:416 [en l\u00ednea] ERROR: KASAN: vmalloc-out-of-bounds en acpi_nfit_ctl+0x20e8/0x24a0 drivers/acpi/nfit/core.c:459 El problema ocurre en cmd_to_func cuando se accede a la matriz call_pkg->nd_reserved2 sin verificar que call_pkg apunte a un b\u00fafer que tenga el tama\u00f1o adecuado como una estructura nd_cmd_pkg. Esto puede provocar un acceso fuera de los l\u00edmites y un comportamiento indefinido si el b\u00fafer no tiene suficiente espacio. Para solucionar este problema, se agreg\u00f3 una verificaci\u00f3n en acpi_nfit_ctl() para garantizar que buf no sea NULL y que buf_len sea menor que sizeof(*call_pkg) antes de acceder a \u00e9l. Esto garantiza un acceso seguro a los miembros de call_pkg, incluida la matriz nd_reserved2."
