Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm / 9d7985f4b416c833b3c6d090401f5f679b04bc7c
commit9d7985f4b416c833b3c6d090401f5f679b04bc7c[log] [tgz]
authorTeow Wan Yee <wy.teow@hi-p.com>Thu Aug 18 16:11:37 2016 +0800
committerWY Teow <wy.teow@hi-p.com>Thu Aug 18 16:13:40 2016 +0800
tree7d5663c1fb734457308f4c648733c03b632d7ad0
parenteb05ec70b1dce87c21a8053dae7a4fd67f71b7f6 [diff]
FPII-2327 : Elevation of privilege vulnerability in Qualcomm camera driver CVE-2016-3859 A-28815326

There is no validation of the reg_cfg_cmd->u.dmi_info.hi_tbl_offset variable passed into the msm_isp_send_hw_cmd function leading to potential kernel memory corruption.
The fix is designed to add additional bounds checks to prevent the kernel memory corruption.

Change-Id: Iada9ce718238c8f3f2926e2d354a5845a3fe1935
1 file changed
tree: 7d5663c1fb734457308f4c648733c03b632d7ad0
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. AndroidKernel.mk
  25. COPYING
  26. CREDITS
  27. Kbuild
  28. Kconfig
  29. MAINTAINERS
  30. Makefile
  31. README
  32. REPORTING-BUGS