Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm / f2bfbf7c72f13ce0bd58802379e8b7664adcaf1a
commitf2bfbf7c72f13ce0bd58802379e8b7664adcaf1a[log] [tgz]
authorPeter Lee <peter.lee@hi-p.com>Mon Oct 24 11:08:09 2016 +0800
committerTeemu Hukkanen <teemu@fairphone.com>Sat Nov 19 13:06:17 2016 +0100
treea6c86b82b6e8ca1fcfb8858ad67159d566201bcd
parent80e7edaaf1862c27059dbe94092538dca479fb2c [diff]
FPII-2522 : Elevation of privilege vulnerability in Synaptics touchscreen driver CVE-2016-6745 A-31252388

High

An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process.

Additional technical details:

A-31252388
The global variable fwu is accessible in the fwu_sysfs_image_size_store and fwu_sysfs_store_image functions without any locks. This results in a potential race condition leading to a heap overflow.

The fix is designed to add locks to prevent the potential race condition.

Code snippet provided in bulletin patches zip file in the Downloads section: https://support.google.com/androidpartners_security/answer/7169146?hl=en&ref_topic=6353496#downloads

Change-Id: Ibf82dd6c4af5220094a13f694540f5ff624038cf
1 file changed
tree: a6c86b82b6e8ca1fcfb8858ad67159d566201bcd
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. AndroidKernel.mk
  25. COPYING
  26. CREDITS
  27. Kbuild
  28. Kconfig
  29. MAINTAINERS
  30. Makefile
  31. README
  32. REPORTING-BUGS