From 6a73aca921a45ca4ea039441fad2a9bcb4fa0039 Mon Sep 17 00:00:00 2001
From: Tulio A M Mendes <tadryanom@hotmail.com>
Date: Tue, 26 May 2026 02:11:26 -0300
Subject: [PATCH] security: add user_range_ok validation for futex uaddr (Fase
 2)

---
 src/kernel/syscall.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/kernel/syscall.c b/src/kernel/syscall.c
index 9afb2fc0..ed85615b 100644
--- a/src/kernel/syscall.c
+++ b/src/kernel/syscall.c
@@ -4622,6 +4622,11 @@ static void posix_ext_syscall_dispatch(struct registers* regs, uint32_t syscall_
 
         if (!uaddr) { sc_ret(regs) = (uint32_t)-EFAULT; return; }
 
+        /* Validate uaddr is in user space */
+        if (user_range_ok(uaddr, sizeof(uint32_t)) == 0) {
+            sc_ret(regs) = (uint32_t)-EFAULT; return;
+        }
+
         if (op == FUTEX_WAIT) {
             uint32_t cur = 0;
             if (copy_from_user(&cur, uaddr, sizeof(cur)) < 0) {
-- 
2.43.0