Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm / f9eff3be2a62f11b670a298ffe1daf9ac394c8bc
commitf9eff3be2a62f11b670a298ffe1daf9ac394c8bc[log] [tgz]
authorTeow Wan Yee <wy.teow@hi-p.com>Mon Oct 17 17:32:24 2016 +0800
committerTeemu Hukkanen <teemu@fairphone.com>Thu Nov 10 15:13:50 2016 +0100
tree76fc18af5782784767d6562538a23a167a1c6007
parent4e3542c936a204b5403c733ba5dbda1be46f3350 [diff]
FPII-2497 : Elevation of privilege vulnerability in kernel networking subsystem CVE-2016-6828 A-31183296

When the tcp_sendmsg function allocates a fresh and empty skb, it puts it at the tail of the write queue.
On a failure condition, a dangling pointer is left leading to a potential use-after-free vulnerability.

The fix is designed to set the highest_sack variable to null to prevent the potential use-after-free vulnerability.

Change-Id: I39fcc4584dee1d66126c028a0c277331df75cbf5
1 file changed
tree: 76fc18af5782784767d6562538a23a167a1c6007
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. AndroidKernel.mk
  25. COPYING
  26. CREDITS
  27. Kbuild
  28. Kconfig
  29. MAINTAINERS
  30. Makefile
  31. README
  32. REPORTING-BUGS