Bluetooth: hidp: fix buffer overflow - kernel/linux.git

diff options

author	Young Xiao <YangX92@hotmail.com>	2019-04-12 10:24:30 +0300
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2019-05-16 10:17:21 +0300
commit	9c47ad93de73786aef31033e2aabd9df020e68cd (patch)
tree	426eaa0417ebde6c817a437eda75f71787954205 /sound
parent	6ee71083b16ff449757a6ceb232720f09607edc2 (diff)
download	linux-9c47ad93de73786aef31033e2aabd9df020e68cd.tar.xz

Bluetooth: hidp: fix buffer overflow

commit a1616a5ac99ede5d605047a9012481ce7ff18b16 upstream. Struct ca is copied from userspace. It is not checked whether the "name" field is NULL terminated, which allows local users to obtain potentially sensitive information from kernel stack memory, via a HIDPCONNADD command. This vulnerability is similar to CVE-2011-1079. Signed-off-by: Young Xiao <YangX92@hotmail.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Cc: stable@vger.kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Diffstat (limited to 'sound')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: