evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_oneplus_msm8998/drivers/s390
History
Martin Schwidefsky 2d29d6cec3 s390/sclp_ctl: fix potential information leak with /dev/sclp 
commit 532c34b5fbf1687df63b3fcd5b2846312ac943c6 upstream.

The sclp_ctl_ioctl_sccb function uses two copy_from_user calls to
retrieve the sclp request from user space. The first copy_from_user
fetches the length of the request which is stored in the first two
bytes of the request. The second copy_from_user gets the complete
sclp request, but this copies the length field a second time.
A malicious user may have changed the length in the meantime.

Reported-by: Pengfei Wang <wpengfeinudt@gmail.com>
Reviewed-by: Michael Holzheu <holzheu@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Juerg Haefliger <juerg.haefliger@hpe.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-09-15 08:27:51 +02:00
..
block s390/dasd: fix hanging device after clear subchannel 2016-09-07 08:32:41 +02:00
char s390/sclp_ctl: fix potential information leak with /dev/sclp 2016-09-15 08:27:51 +02:00
cio s390/cio: update measurement characteristics 2016-09-15 08:27:42 +02:00
crypto s390/zcrypt: Fix AP queue handling if queue is full 2015-11-27 09:23:29 +01:00
net qeth: initialize net_device with carrier off 2016-09-15 08:27:42 +02:00
scsi Merge branch 'locking-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2015-09-03 15:46:07 -07:00
virtio virtio/s390: handle error values in irb 2015-12-17 10:37:33 +02:00
Makefile virtio/s390: rename drivers/s390/kvm -> drivers/s390/virtio 2015-07-07 14:27:06 +03:00