a7y18lte-ubports/android_kernel_samsung_universal7885
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2d29d6cec3
android_kernel_samsung_univ.../drivers
History
Martin Schwidefsky 2d29d6cec3 s390/sclp_ctl: fix potential information leak with /dev/sclp 
commit 532c34b5fbf1687df63b3fcd5b2846312ac943c6 upstream.

The sclp_ctl_ioctl_sccb function uses two copy_from_user calls to
retrieve the sclp request from user space. The first copy_from_user
fetches the length of the request which is stored in the first two
bytes of the request. The second copy_from_user gets the complete
sclp request, but this copies the length field a second time.
A malicious user may have changed the length in the meantime.

Reported-by: Pengfei Wang <wpengfeinudt@gmail.com>
Reviewed-by: Michael Holzheu <holzheu@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Juerg Haefliger <juerg.haefliger@hpe.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-09-15 08:27:51 +02:00
..
accessibility
acpi ACPI / SRAT: fix SRAT parsing order with both LAPIC and X2APIC present 2016-09-07 08:32:45 +02:00
amba
android
ata libata: LITE-ON CX1-JB256-HP needs lower max_sectors 2016-08-10 11:49:29 +02:00
atm
auxdisplay
base base: make module_create_drivers_dir race-free 2016-07-27 09:47:32 -07:00
bcma x86/quirks: Add early quirk to reset Apple AirPort card 2016-08-10 11:49:24 +02:00
block nbd: ratelimit error msgs after socket close 2016-05-11 11:21:10 +02:00
bluetooth Bluetooth: Add support for Intel Bluetooth device 8265 [8087:0a2b] 2016-09-15 08:27:49 +02:00
bus bus: imx-weim: Take the 'status' property value into account 2016-05-04 14:48:54 -07:00
cdrom
char random: add interrupt callback to VMBus IRQ handler 2016-08-20 18:09:20 +02:00
clk clk: xgene: Fix divider with non-zero shift value 2016-09-15 08:27:39 +02:00
clocksource
connector
cpufreq intel_pstate: Fix MSR_CONFIG_TDP_x addressing in core_get_max_pstate() 2016-08-20 18:09:18 +02:00
cpuidle cpuidle: Fix cpuidle_state_is_coupled() argument in cpuidle_enter() 2016-06-07 18:14:34 -07:00
crypto crypto: nx-842 - Mask XERS0 bit in return value 2016-09-15 08:27:49 +02:00
dca
devfreq
dio
dma dmaengine: usb-dmac: check CHCR.DE bit in usb_dmac_isr_channel() 2016-09-07 08:32:44 +02:00
dma-buf
edac EDAC: Increment correct counter in edac_inc_ue_error() 2016-09-07 08:32:41 +02:00
eisa
extcon extcon: max77843: Use correct size for reading the interrupt register 2016-05-04 14:48:54 -07:00
firewire
firmware efi: Expose non-blocking set_variable() wrapper to efivars 2016-05-04 14:48:49 -07:00
fmc
fpga
gpio gpio: Fix OF build problem on UM 2016-09-07 08:32:43 +02:00
gpu drm/amdgpu/cz: enable/disable vce dpm even if vce pg is disabled 2016-09-15 08:27:50 +02:00
hid HID: core: prevent out-of-bound readings 2016-09-15 08:27:48 +02:00
hsi
hv drivers:hv: Lock access to hyperv_mmio resource tree 2016-09-15 08:27:50 +02:00
hwmon hwmon: (iio_hwmon) fix memory leak in name attribute 2016-09-07 08:32:46 +02:00
hwspinlock
hwtracing intel_th: Fix a deadlock in modprobing 2016-08-10 11:49:30 +02:00
i2c i2c: cros-ec-tunnel: Fix usage of cros_ec_cmd_xfer() 2016-09-07 08:32:43 +02:00
ide
idle intel_idle: Support for Intel Xeon Phi Processor x200 Product Family 2016-09-15 08:27:46 +02:00
iio iio: fix sched WARNING "do not call blocking ops when !TASK_RUNNING" 2016-09-07 08:32:41 +02:00
infiniband IB/IPoIB: Do not set skb truesize since using one linearskb 2016-09-15 08:27:49 +02:00
input Input: xpad - move pending clear to the correct location 2016-09-15 08:27:48 +02:00
iommu iommu/arm-smmu: Don't BUG() if we find aborting STEs with disable_bypass 2016-09-07 08:32:41 +02:00
ipack
irqchip irqchip/gicv3-its: numa: Enable workaround for Cavium thunderx erratum 23144 2016-09-15 08:27:47 +02:00
isdn
leds
lguest
lightnvm lightnvm: fix locking and mempool in rrpc_lun_gc 2016-09-15 08:27:40 +02:00
macintosh
mailbox
mcb mcb: Fixed bar number assignment for the gdd 2016-06-01 12:15:53 -07:00
md dm flakey: error READ bios during the down_interval 2016-08-20 18:09:27 +02:00
media tda10071: Fix dependency to REGMAP_I2C 2016-09-15 08:27:48 +02:00
memory memory: omap-gpmc: Fix omap gpmc EXTRADELAY timing 2016-07-27 09:47:35 -07:00
memstick
message
mfd mfd: qcom_rpm: Parametrize also ack selector size 2016-08-20 18:09:18 +02:00
misc cxl: Enable PCI device ID for future IBM CXL adapter 2016-09-15 08:27:41 +02:00
mmc mmc: sdhci: Do not BUG on invalid vdd 2016-09-15 08:27:45 +02:00
mtd ubi: Fix race condition between ubi device creation and udev 2016-08-20 18:09:26 +02:00
net net: thunderx: Fix link status reporting 2016-09-15 08:27:48 +02:00
nfc
ntb
nubus
nvdimm
nvme nvme: Call pci_disable_device on the error path. 2016-09-15 08:27:51 +02:00
nvmem nvmem: mxs-ocotp: fix buffer overflow in read 2016-05-11 11:21:21 +02:00
of of: fix reference counting in of_graph_get_endpoint_by_regs 2016-09-07 08:32:41 +02:00
oprofile
parisc
parport
pci genirq/msi: Make sure PCI MSIs are activated early 2016-09-07 08:32:38 +02:00
pcmcia
perf
phy
pinctrl pinctrl/amd: Remove the default de-bounce time 2016-09-07 08:32:41 +02:00
platform mfd: cros_ec: Add cros_ec_cmd_xfer_status() helper 2016-09-07 08:32:43 +02:00
pnp PNP: Add Broadwell to Intel MCH size workaround 2016-08-16 09:30:48 +02:00
power power_supply: power_supply_read_temp only if use_cnt > 0 2016-08-10 11:49:27 +02:00
powercap
pps pps: do not crash when failed to register 2016-08-10 11:49:25 +02:00
ps3
ptp
pwm pwm: lpc32xx: fix and simplify duty cycle and period calculations 2016-09-15 08:27:43 +02:00
rapidio
ras
regulator regulator: axp20x: Fix axp22x ldo_io voltage ranges 2016-05-18 17:06:51 -07:00
remoteproc remoteproc: Fix potential race condition in rproc_add 2016-08-20 18:09:20 +02:00
reset
rpmsg
rtc rtc: s3c: Add s3c_rtc_{enable/disable}_clk in s3c_rtc_setfreq() 2016-08-20 18:09:27 +02:00
s390 s390/sclp_ctl: fix potential information leak with /dev/sclp 2016-09-15 08:27:51 +02:00
sbus
scsi cxlflash: Move to exponential back-off when cmd_room is not available 2016-09-15 08:27:50 +02:00
sfi
sh
sn
soc soc: rockchip: power-domain: fix err handle while probing 2016-05-11 11:21:11 +02:00
spi spi: pxa2xx: Clear all RFT bits in reset_sccr1() on Intel Quark 2016-08-20 18:09:19 +02:00
spmi
ssb
staging staging: comedi: ni_mio_common: fix wrong insn_write handler 2016-09-07 08:32:45 +02:00
target target: Fix ordered task CHECK_CONDITION early exception handling 2016-08-20 18:09:26 +02:00
tc
thermal thermal: cpu_cooling: fix improper order during initialization 2016-07-27 09:47:29 -07:00
thunderbolt thunderbolt: Fix double free of drom buffer 2016-06-01 12:15:53 -07:00
tty tty/serial: atmel: fix RS485 half duplex with DMA 2016-08-20 18:09:17 +02:00
uio
usb USB: serial: option: add WeTelecom 0x6802 and 0x6803 products 2016-09-07 08:32:45 +02:00
uwb
vfio vfio/pci: Fix NULL pointer oops in error interrupt setup handling 2016-09-07 08:32:37 +02:00
vhost
video fbdev: da8xx-fb: fix videomodes of lcd panels 2016-05-04 14:48:51 -07:00
virt
virtio virtio: fix memory leak in virtqueue_add() 2016-09-07 08:32:36 +02:00
vlynq
vme
w1 w1:omap_hdq: fix regression 2016-08-20 18:09:22 +02:00
watchdog
xen xenbus: don't bail early from xenbus_dev_request_and_reply() 2016-08-10 11:49:26 +02:00
zorro
Kconfig
Makefile