Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm / 29d9449a50dab85204d088e62f11dac55dce676e
commit29d9449a50dab85204d088e62f11dac55dce676e[log] [tgz]
authorTeow Wan Yee <wy.teow@hi-p.com>Fri Aug 26 13:43:29 2016 +0800
committerTeemu Hukkanen <teemu@fairphone.com>Wed Sep 21 14:30:18 2016 +0200
tree5d3d6de62eeddfb157c81da666f1ac83ca6d3d36
parent158d8994a55f441db630d47b8c2b72dd20126b97 [diff]
FPII-2320: Elevation of privilege vulnerability in kernel USB driver CVE-2014-4655 A-29916012

The snd_ctl_elem_add function in sound/core/control.c file, in the ALSA control implementation in the Linux kernel before 3.15.2, does not properly maintain the user_ctl_count value, which allows local users to execute code in the kernel by leveraging /dev/snd/controlCX access for a large number of SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls.
The fix is designed to use the snd_ctl_remove_user_ctl function, which does

proper permission checks and decrements user_ctl_count after the control

Change-Id: Id8ba70327eb6723d6528d2a1793d6f4e9b475d51
1 file changed
tree: 5d3d6de62eeddfb157c81da666f1ac83ca6d3d36
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. AndroidKernel.mk
  25. COPYING
  26. CREDITS
  27. Kbuild
  28. Kconfig
  29. MAINTAINERS
  30. Makefile
  31. README
  32. REPORTING-BUGS