Bluetooth: hidp: fix buffer overflow - xavi/android_kernel_m2note - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Young Xiao <YangX92@hotmail.com>	2019-04-12 15:24:30 +0800
committer	Moyster <oysterized@gmail.com>	2019-07-08 13:36:44 +0200
commit	4f81ee462b091eaec602e8b70a9360fecfc58696 (patch)
tree	99f13d9347a46d2b99306a16f1764c51c83be37d /kernel/rtmutex.c
parent	c40adf4802ec6c7b2f2eac7a28f384b3beb3759d (diff)

Bluetooth: hidp: fix buffer overflow

commit a1616a5ac99ede5d605047a9012481ce7ff18b16 upstream. Struct ca is copied from userspace. It is not checked whether the "name" field is NULL terminated, which allows local users to obtain potentially sensitive information from kernel stack memory, via a HIDPCONNADD command. This vulnerability is similar to CVE-2011-1079. Change-Id: I3a503e62da6ecb15e4ab64783229f914e520c9c4 Signed-off-by: Young Xiao <YangX92@hotmail.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Cc: stable@vger.kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Diffstat (limited to 'kernel/rtmutex.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: