Re: [PATCH] Bluetooth: hidp: fix buffer overflow

From: Marcel Holtmann
Date: Tue Apr 23 2019 - 13:05:03 EST

Next message: Stefano Stabellini: "Re: [PATCH 3/3] xen/swiotlb: remember having called xen_create_contiguous_region()"
Previous message: Will Deacon: "Re: [PATCH] The patch solves the type error of the parameter âoffâ in syscall mmap on the ARM64 platform."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Young,

> Struct ca is copied from userspace. It is not checked whether the "name"
> field is NULL terminated, which allows local users to obtain potentially
> sensitive information from kernel stack memory, via a HIDPCONNADD command.
>
> This vulnerability is similar to CVE-2011-1079.
>
> Signed-off-by: Young Xiao <YangX92@xxxxxxxxxxx>
> ---
> net/bluetooth/hidp/sock.c | 1 +
> 1 file changed, 1 insertion(+)

patch has been applied to bluetooth-next tree.

Regards

Marcel

Next message: Stefano Stabellini: "Re: [PATCH 3/3] xen/swiotlb: remember having called xen_create_contiguous_region()"
Previous message: Will Deacon: "Re: [PATCH] The patch solves the type error of the parameter âoffâ in syscall mmap on the ARM64 platform."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]