git.baikalelectronics.ru Git - kernel.git/commit

]> git.baikalelectronics.ru Git - kernel.git/commit

author	Young Xiao <YangX92@hotmail.com>
	Fri, 12 Apr 2019 07:24:30 +0000 (15:24 +0800)
committer	Marcel Holtmann <marcel@holtmann.org>
	Tue, 23 Apr 2019 17:04:38 +0000 (19:04 +0200)
commit	ef623f69ba32885d5a933886561e4b0b4ac7c0c7
tree	c330e3f1724257262c97a58e772e119003738154	tree \| snapshot
parent	30cba5227572421590f61bd68e901c9b6bad07af	commit \| diff

Bluetooth: hidp: fix buffer overflow

Struct ca is copied from userspace. It is not checked whether the "name"
field is NULL terminated, which allows local users to obtain potentially
sensitive information from kernel stack memory, via a HIDPCONNADD command.

This vulnerability is similar to CVE-2011-1079.

Signed-off-by: Young Xiao <YangX92@hotmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Cc: stable@vger.kernel.org

net/bluetooth/hidp/sock.c

diff | blob | history

Linux Kernel Source Tree.

RSS Atom