android_kernel_samsung_a7y18lte

a7y18lte-ubports/android_kernel_samsung_a7y18lte

Fork 0

Commit Graph

Author	SHA1	Message	Date
Young Xiao	cacf770e56	Bluetooth: hidp: fix buffer overflow commit a1616a5ac99ede5d605047a9012481ce7ff18b16 upstream. Struct ca is copied from userspace. It is not checked whether the "name" field is NULL terminated, which allows local users to obtain potentially sensitive information from kernel stack memory, via a HIDPCONNADD command. This vulnerability is similar to CVE-2011-1079. Signed-off-by: Young Xiao <YangX92@hotmail.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Cc: stable@vger.kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2020-04-06 16:43:08 +02:00
prashantpaddune	3bca37f224	A750FXXU4CTBC	2020-03-27 21:51:54 +05:30

Author

SHA1

Message

Date

Young Xiao

cacf770e56

Bluetooth: hidp: fix buffer overflow

commit a1616a5ac99ede5d605047a9012481ce7ff18b16 upstream.

Struct ca is copied from userspace. It is not checked whether the "name"
field is NULL terminated, which allows local users to obtain potentially
sensitive information from kernel stack memory, via a HIDPCONNADD command.

This vulnerability is similar to CVE-2011-1079.

Signed-off-by: Young Xiao <YangX92@hotmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

2020-04-06 16:43:08 +02:00

prashantpaddune

3bca37f224

A750FXXU4CTBC

2020-03-27 21:51:54 +05:30

2 Commits