git.baikalelectronics.ru Git - kernel.git/commit

]> git.baikalelectronics.ru Git - kernel.git/commit

author	Young_X <YangX92@hotmail.com>
	Wed, 3 Oct 2018 12:54:29 +0000 (12:54 +0000)
committer	Jens Axboe <axboe@kernel.dk>
	Wed, 3 Oct 2018 16:20:40 +0000 (10:20 -0600)
commit	070587bcd292bc24ec3ad561b881cc47169f5f4f
tree	fe85b2c9966c3d9ec4721a2a73d308f7444d7db8	tree \| snapshot
parent	562b85225ce07c147810e19e9101f617eb71688e	commit \| diff

cdrom: fix improper type cast, which can leat to information leak.

There is another cast from unsigned long to int which causes
a bounds check to fail with specially crafted input. The value is
then used as an index in the slot array in cdrom_slot_status().

This issue is similar to CVE-2018-16658 and CVE-2018-10940.

Signed-off-by: Young_X <YangX92@hotmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>

drivers/cdrom/cdrom.c

diff | blob | history

Linux Kernel Source Tree.

RSS Atom