From 431fc4f26f963e827fd1e3693b41e2dc853e9fbc Mon Sep 17 00:00:00 2001
From: Cesar Matias <cesar.maximo@gmail.com>
Date: Mon, 13 Feb 2017 23:49:46 +0000
Subject: MediaTek: Elevation of privilege vulnerability in MediaTek video
 driver

CVE-2016-3936, CVE-2016-3937

An elevation of privilege vulnerability in the MediaTek video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process

Signed-off-by: Moyster <oysterized@gmail.com>
---
 drivers/misc/mediatek/videox/mt6735/debug.c | 23 -----------------------
 1 file changed, 23 deletions(-)

(limited to 'drivers')

diff --git a/drivers/misc/mediatek/videox/mt6735/debug.c b/drivers/misc/mediatek/videox/mt6735/debug.c
index 8d57dce76..83598160b 100644
--- a/drivers/misc/mediatek/videox/mt6735/debug.c
+++ b/drivers/misc/mediatek/videox/mt6735/debug.c
@@ -1214,29 +1214,6 @@ else if (0 == strncmp(opt, "ata",3))
     {
         dump_layer_info();
     }
-    else if (0 == strncmp(opt, "regw:", 5))
-    {
-        char *p = (char *)opt + 5;
-        unsigned long addr = simple_strtoul(p, &p, 16);
-        unsigned long val  = simple_strtoul(p + 1, &p, 16);
-
-        if (addr) {
-            OUTREG32(addr, val);
-        } else {
-            goto Error;
-        }
-    }
-    else if (0 == strncmp(opt, "regr:", 5))
-    {
-        char *p = (char *)opt + 5;
-        unsigned int addr = (unsigned int) simple_strtoul(p, &p, 16);
-
-        if (addr) {
-            pr_info("DISP/DBG " "Read register 0x%08x: 0x%08x\n", addr, INREG32(addr));
-        } else {
-            goto Error;
-        }
-    }
     else if(0 == strncmp(opt, "dither:", 7))
     {
         unsigned lrs, lgs, lbs, dbr, dbg, dbb;
-- 
cgit v1.2.3