aboutsummaryrefslogtreecommitdiff
path: root/security/keys/keyctl.c
diff options
context:
space:
mode:
authorKees Cook <keescook@chromium.org>2017-01-24 15:18:24 -0800
committerMoyster <oysterized@gmail.com>2017-06-17 15:46:40 +0200
commita6606f0e55eb765c6bab667e250680d78da13ef4 (patch)
tree8f9fbf61de8fa322c6e241bb75c7f6029d9a3644 /security/keys/keyctl.c
parent41f4de62e9e9c5cbb4ff2a1cf469eb15c409eb38 (diff)
fbdev: color map copying bounds checking
commit 2dc705a9930b4806250fbf5a76e55266e59389f2 upstream. Copying color maps to userspace doesn't check the value of to->start, which will cause kernel heap buffer OOB read due to signedness wraps. CVE-2016-8405 Link: http://lkml.kernel.org/r/20170105224249.GA50925@beast Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Kees Cook <keescook@chromium.org> Reported-by: Peter Pi (@heisecode) of Trend Micro Cc: Min Chong <mchong@google.com> Cc: Dan Carpenter <dan.carpenter@oracle.com> Cc: Tomi Valkeinen <tomi.valkeinen@ti.com> Cc: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Willy Tarreau <w@1wt.eu>
Diffstat (limited to 'security/keys/keyctl.c')
0 files changed, 0 insertions, 0 deletions
generated by cgit v1.2.3 (git 2.39.1) at 2026-03-14 07:47:55 +0000