git.baikalelectronics.ru Git - kernel.git/commit

]> git.baikalelectronics.ru Git - kernel.git/commit

author	Young Xiao <YangX92@hotmail.com>
	Fri, 12 Apr 2019 07:24:30 +0000 (15:24 +0800)
committer	Marcel Holtmann <marcel@holtmann.org>
	Tue, 23 Apr 2019 17:04:38 +0000 (19:04 +0200)
commit	118d64f7c8b6642274e18e9ca0203c40facc5c03
tree	c330e3f1724257262c97a58e772e119003738154	tree \| snapshot
parent	24bd781e4af2a6159ccd306aaff37b81ffa08ef4	commit \| diff

Bluetooth: hidp: fix buffer overflow

Struct ca is copied from userspace. It is not checked whether the "name"
field is NULL terminated, which allows local users to obtain potentially
sensitive information from kernel stack memory, via a HIDPCONNADD command.

This vulnerability is similar to CVE-2011-1079.

Signed-off-by: Young Xiao <YangX92@hotmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Cc: stable@vger.kernel.org

net/bluetooth/hidp/sock.c

diff | blob | history

Linux Kernel Source Tree.

RSS Atom