Headline
CVE-2023-26242: fpga: dfl-afu-region: Add overflow checks for region size and offset
afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the Linux kernel through 6.1.12 has an integer overflow.
@@ -151,12 +151,17 @@ int afu_mmio_region_get_by_offset(struct dfl_feature_platform_data *pdata, struct dfl_afu_mmio_region *region; struct dfl_afu *afu; int ret = 0;
u64 region_size = 0;
mutex_lock(&pdata->lock);
if (check_add_overflow(offset, size, ®ion_size)) {
ret = -EINVAL;goto exit;} afu = dfl_fpga_pdata_get_private(pdata); for_each_region(region, afu) if (region->offset <= offset && - region->offset + region->size >= offset + size) {
region->offset + region->size >= region\_size) { \*pregion = \*region; goto exit; }