FPII-2516 : Elevation of privilege vulnerability in Qualcomm camera driver CVE-2016-6740 A-30143904

High

An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process.

Additional technical details:

A-30143904
(Qualcomm ref#: CR#1056307)
There is a possible stack overflow vulnerability in the msm_camera_qup_i2c_write_seq function because the size of the variable length array on the stack is acquired from user space.

The fix is designed to add additional bounds checks to prevent the potential stack overflow vulnerability.

Link to publicly available patch:
Qualcomm patch: CR 1056307: https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=ef78bd62f0c064ae4c827e158d828b2c110ebcdc

Change-Id: I030d623e4f10b6eb5ab8a65d889f1622191857c9
2 files changed
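
The bug class described in the commit message above (a stack array sized by a length taken from user space) and the kind of bounds check that closes it, as an added C sketch. This is not the Qualcomm patch or driver code: the struct, the function name, the 2-byte address prefix and the 32-byte limit are all hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ADDR_BYTES    2u   /* register address prefix; assumed for this sketch */
#define MAX_SEQ_BYTES 32u  /* hypothetical cap, not the driver's real limit */

/* Constructed stand-in for a write request copied in from user space. */
struct seq_req {
    uint16_t addr;
    uint32_t num_byte;      /* length field controlled by the caller */
    const uint8_t *data;
};

/* Unsafe pattern (comment only): stack use follows the caller's num_byte,
 * and the sum can wrap:  uint8_t buf[r->num_byte + ADDR_BYTES];  */

/* Checked form: validate the length first, then use a fixed-size buffer. */
int write_seq_checked(const struct seq_req *r, uint8_t *wire,
                      size_t wire_cap, size_t *wire_len)
{
    uint8_t buf[ADDR_BYTES + MAX_SEQ_BYTES];
    size_t total;
    if (!r || !r->data || !wire || !wire_len)
        return -EINVAL;
    if (r->num_byte == 0 || r->num_byte > MAX_SEQ_BYTES)
        return -EINVAL;             /* reject before touching the stack buffer */
    total = ADDR_BYTES + (size_t)r->num_byte;
    if (total > wire_cap)
        return -ENOSPC;
    buf[0] = (uint8_t)(r->addr >> 8);
    buf[1] = (uint8_t)(r->addr & 0xff);
    memcpy(buf + ADDR_BYTES, r->data, r->num_byte);
    memcpy(wire, buf, total);       /* stands in for the I2C transfer */
    *wire_len = total;
    return 0;
}

int main(void)
{
    uint8_t payload[4] = {1, 2, 3, 4}, wire[64];
    size_t n = 0;
    struct seq_req ok = {0x1234, 4, payload}, bad = {0x1234, 0xFFFFFFFFu, payload};
    int a = write_seq_checked(&ok, wire, sizeof wire, &n);
    printf("ok=%d bad=%d\n", a, write_seq_checked(&bad, wire, sizeof wire, &n));
    return 0;
}
```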