media: dvb_ca_en50221: avoid speculation from CA slot

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

As warned by smatch:
drivers/media/dvb-core/dvb_ca_en50221.c:1392 dvb_ca_en50221_io_do_ioctl() warn: potential spectre issue 'ca->slot_info' [r] (local cap)

There's a potential of using a CAM ioctl for speculation.

The risk here is minimum, as only a small subset of DVB
boards have CI, with a CAM module installed. Also, exploiting
it would require a user capable of starting a DVB application.

There are probably a lot of easier ways to try to exploit.

Yet, it doesn't harm addressing it.

Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>

Mauro Carvalho Chehab 4 years ago d382c5be 6ef43d27

1 changed file

expand all

drivers

media

dvb-core

dvb_ca_en50221.c

drivers/media/dvb-core/dvb_ca_en50221.c

··· 1386 1386 err = -EINVAL; 1387 1387 goto out_unlock; 1388 1388 } 1389 + slot = array_index_nospec(slot, ca->slot_count); 1389 1390 1390 1391 info->type = CA_CI_LINK; 1391 1392 info->flags = 0;