Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm / 1cb56b4f292b7871b0e84dea93d82001765eac2b
commit1cb56b4f292b7871b0e84dea93d82001765eac2b[log] [tgz]
authorYoung Xiao <YangX92@hotmail.com>Fri Apr 12 15:24:30 2019 +0800
committerchrmhoffmann <chrmhoffmann@gmail.com>Sat Jul 06 12:28:56 2019 +0200
treec45c7cebdfcb82723602d77a2481c44a6fe09446
parent6069b7ca780cab4c0f161ec63f6e78185971f800 [diff]
Bluetooth: hidp: fix buffer overflow

commit a1616a5ac99ede5d605047a9012481ce7ff18b16 upstream.

Struct ca is copied from userspace. It is not checked whether the "name"
field is NULL terminated, which allows local users to obtain potentially
sensitive information from kernel stack memory, via a HIDPCONNADD command.

This vulnerability is similar to CVE-2011-1079.

Signed-off-by: Young Xiao <YangX92@hotmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
CVE-2019-11884
Signed-off-by: Kevin F. Haggerty <haggertk@lineageos.org>
Change-Id: If26bd0108596f42bb48349146f0c84eb0a675276
1 file changed
tree: c45c7cebdfcb82723602d77a2481c44a6fe09446
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. AndroidKernel.mk
  25. COPYING
  26. CREDITS
  27. Kbuild
  28. Kconfig
  29. MAINTAINERS
  30. Makefile
  31. README
  32. REPORTING-BUGS