git.baikalelectronics.ru Git - kernel.git/commit

author	Kees Cook <keescook@chromium.org>
	Wed, 3 Jul 2013 22:01:14 +0000 (15:01 -0700)
committer	Linus Torvalds <torvalds@linux-foundation.org>
	Wed, 3 Jul 2013 23:07:25 +0000 (16:07 -0700)
commit	41b244993cd01197eceddb2a5d3710e51003c07d
tree	21fdc09c7011ed9a1b85e98f7718a58a2c903d32	tree \| snapshot
parent	6ec12590d94df826cf4f17a0166c3311c1297bba	commit \| diff

block: do not pass disk names as format strings

Disk names may contain arbitrary strings, so they must not be
interpreted as format strings. It seems that only md allows arbitrary
strings to be used for disk names, but this could allow for a local
memory corruption from uid 0 into ring 0.

CVE-2013-2851

Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

block/genhd.c		diff \| blob \| history
drivers/block/nbd.c		diff \| blob \| history
drivers/scsi/osd/osd_uld.c		diff \| blob \| history