android_kernel_oneplus_msm8998/net/core
Tejaswi Tanikella 074c25bf9f net: core: null pointer dereference in sockev_client_cb
sockev_client_cb creates a netlink message and populates
the nlmsg_data using the socket->sock information.
If the socket is closed while the nlmsg_data is being
populated, a null pointer dereference occurs.

BUG: KASAN: null-ptr-deref in sockev_client_cb+0x1e4/0x310 net/core/sockev_nlmcast.c:98
Read of size 2 at addr 0000000000000010 by task syz-executor/9398
CPU: 6 PID: 9398 Comm: syz-executor Tainted: G W O 4.9.92+ #1

Call trace:
[<ffffff94e2bebec4>] sockev_client_cb+0x1e4/0x310 net/core/sockev_nlmcast.c:98
[<ffffff94e14fb20c>] notifier_call_chain+0x94/0xe0 kernel/notifier.c:93
[<ffffff94e14fb894>] __blocking_notifier_call_chain+0x6c/0xb8 kernel/notifier.c:317
[<ffffff94e14fb920>] blocking_notifier_call_chain+0x40/0x50 kernel/notifier.c:328
[<ffffff94e2b727f8>] sockev_notify net/socket.c:180 [inline]
[<ffffff94e2b727f8>] SYSC_listen net/socket.c:1446 [inline]
[<ffffff94e2b727f8>] SyS_listen+0x1e0/0x1f8 net/socket.c:1428
[<ffffff94e1483f70>] el0_svc_naked+0x24/0x28

CR's Fixed: 2251042
Change-Id: Iad9eb58cd05fcdc0b5cc1ed24de56b69abb532b4
Signed-off-by: Sharath Chandra Vurukala <sharathv@codeaurora.org>
Signed-off-by: Tejaswi Tanikella <tejaswit@codeaurora.org>
2018-07-11 14:46:19 +05:30
..
datagram.c
dev.c Merge android-4.4.131 (d5d6526) into msm-4.4 2018-05-03 15:53:14 +05:30
dev_addr_lists.c net: fix uninit-value in __hw_addr_add_ex() 2018-05-16 10:06:50 +02:00
dev_ioctl.c net: Zero terminate ifr_name in dev_ifname(). 2017-08-11 09:08:52 -07:00
drop_monitor.c drop_monitor: consider inserted data in genlmsg_end 2017-01-15 13:41:35 +01:00
dst.c Fix an intermittent pr_emerg warning about lo becoming free. 2017-07-05 14:37:13 +02:00
dst_cache.c net: dst_cache_per_cpu_dst_set() can be static 2018-02-25 11:03:55 +01:00
ethtool.c ethtool: do not vzalloc(0) on registers dump 2017-06-17 06:39:36 +02:00
fib_rules.c net: core: add UID to flows, rules, and routes 2017-01-02 14:06:47 +05:30
filter.c bpf: fix 32-bit divide by zero 2018-02-03 17:04:25 +01:00
flow.c
flow_dissector.c Merge android-4.4.114 (fe09418) into msm-4.4 2018-02-01 14:02:45 +05:30
gen_estimator.c
gen_stats.c
link_watch.c
lwtunnel.c
Makefile Merge android-4.4.118 (5f7f76a) into msm-4.4 2018-03-01 17:20:34 +05:30
neighbour.c Merge android-4.4.131 (d5d6526) into msm-4.4 2018-05-03 15:53:14 +05:30
net-procfs.c
net-sysfs.c
net-sysfs.h
net-traces.c
net_namespace.c net: move somaxconn init from sysctl code 2018-04-13 19:50:11 +02:00
netclassid_cgroup.c
netevent.c
netpoll.c UPSTREAM: netpoll: Fix device name check in netpoll_setup() 2018-05-04 20:25:10 +00:00
netprio_cgroup.c
pktgen.c net: pktgen: remove rcu locking in pktgen_change_name() 2016-11-15 07:46:38 +01:00
ptp_classifier.c
request_sock.c
rtnetlink.c rtnetlink: validate attributes in do_setlink() 2018-06-13 16:15:29 +02:00
scm.c
secure_seq.c
skbuff.c Merge android-4.4.135 (c9d74f2) into msm-4.4 2018-06-27 14:42:55 +05:30
sock.c Merge android-4.4.133 (3f51ea2) into msm-4.4 2018-05-31 12:28:38 +05:30
sock_diag.c This is the 4.4.112 stable release 2018-01-17 10:14:26 +01:00
sockev_nlmcast.c net: core: null pointer dereference in sockev_client_cb 2018-07-11 14:46:19 +05:30
stream.c
sysctl_net_core.c net: move somaxconn init from sysctl code 2018-04-13 19:50:11 +02:00
timestamping.c
tso.c
utils.c