5f6e5350b2
The ESGL bit was left uninitialized when executing the REPORT LUNS ioctl. This could allow a zeroed data buffer to be treated as a scatter/gather list. The firmware would eventually walk past the end of the data buffer, potentially find what looked like a valid address/length pair, and write the result to semi-random memory. Obtained from: Dell EMC Isilon MFC after: 1 week Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D19398 |
||
---|---|---|
.. | ||
freebsd/driver | ||
RefTisa | ||
config.h |