commit | f9eff3be2a62f11b670a298ffe1daf9ac394c8bc | [log] [tgz] |
---|---|---|
author | Teow Wan Yee <wy.teow@hi-p.com> | Mon Oct 17 17:32:24 2016 +0800 |
committer | Teemu Hukkanen <teemu@fairphone.com> | Thu Nov 10 15:13:50 2016 +0100 |
tree | 76fc18af5782784767d6562538a23a167a1c6007 | |
parent | 4e3542c936a204b5403c733ba5dbda1be46f3350 [diff] |
FPII-2497 : Elevation of privilege vulnerability in kernel networking subsystem CVE-2016-6828 A-31183296 When the tcp_sendmsg function allocates a fresh and empty skb, it puts it at the tail of the write queue. On a failure condition, a dangling pointer is left leading to a potential use-after-free vulnerability. The fix is designed to set the highest_sack variable to null to prevent the potential use-after-free vulnerability. Change-Id: I39fcc4584dee1d66126c028a0c277331df75cbf5