android_kernel_samsung_a7y1.../drivers/misc
Vishnu DASA 177268397d VMCI: Fix integer overflow in VMCI handle arrays
commit 1c2eb5b2853c9f513690ba6b71072d8eb65da16a upstream.

The VMCI handle array has an integer overflow in
vmci_handle_arr_append_entry when it tries to expand the array. This can be
triggered from a guest, since the doorbell link hypercall doesn't impose a
limit on the number of doorbell handles that a VM can create in the
hypervisor, and these handles are stored in a handle array.

In this change, we introduce a mandatory max capacity for handle
arrays/lists to avoid excessive memory usage.

Signed-off-by: Vishnu Dasa <vdasa@vmware.com>
Reviewed-by: Adit Ranadive <aditr@vmware.com>
Reviewed-by: Jorgen Hansen <jhansen@vmware.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-04-06 19:30:20 +02:00
altera-stapl A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
c2port A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
cb710 A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
cxl A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
echo A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
eeprom A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
genwqe genwqe: Prevent an integer overflow in the ioctl 2020-04-06 18:45:18 +02:00
gnss_if A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
ibmasm A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
lis3lv02d A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
mcu_ipc A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
mei A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
mic A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
modem_if A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
modem_v1 A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
samsung A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
sgi-gru A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
sgi-xp A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
ti-st A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
tui A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
tzdev A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
usim_det A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
vmw_vmci VMCI: Fix integer overflow in VMCI handle arrays 2020-04-06 19:30:20 +02:00
ad525x_dpot-i2c.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
ad525x_dpot-spi.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
ad525x_dpot.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
ad525x_dpot.h A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
apds990x.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
apds9802als.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
arm-charlcd.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
atmel_tclib.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
atmel-ssc.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
bh1770glc.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
bh1780gli.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
bmp085-i2c.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
bmp085-spi.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
bmp085.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
bmp085.h A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
cs5535-mfgpt.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
dmverity_query.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
ds1682.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
dummy-irq.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
enclosure.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
exynos_ima.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
fsa9480.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
hmc6352.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
hpilo.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
hpilo.h A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
ics932s401.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
ioc4.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
isl29003.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
isl29020.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
Kconfig A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
kgdbts.c Drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var 2020-04-06 19:03:10 +02:00
lattice-ecp3-config.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
lkdtm.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
Makefile A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
memory_state_time.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
pch_phub.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
phantom.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
pti.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
qcom-coincell.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
spear13xx_pcie_gadget.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
sram.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
ti_dac7512.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
tifm_7xx1.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
tifm_core.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
tima_debug_log.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
tima_debug_test.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
tsl2550.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
tzic64.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
uid_cputime.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
uid_sys_stats.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
vexpress-syscfg.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
vmw_balloon.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30