Bluetooth: hidp: fix buffer overflow - linux-dev - Linux kernel development work

diff options

author	Young Xiao <YangX92@hotmail.com>	2019-04-12 15:24:30 +0800
committer	Marcel Holtmann <marcel@holtmann.org>	2019-04-23 19:04:38 +0200
commit	a1616a5ac99ede5d605047a9012481ce7ff18b16 (patch)
tree	c330e3f1724257262c97a58e772e119003738154 /drivers/bluetooth/btbcm.c
parent	Bluetooth: btmrvl: add support for SD8987 chipset (diff)
download	linux-dev-a1616a5ac99ede5d605047a9012481ce7ff18b16.tar.xz linux-dev-a1616a5ac99ede5d605047a9012481ce7ff18b16.zip

Bluetooth: hidp: fix buffer overflow

Struct ca is copied from userspace. It is not checked whether the "name" field is NULL terminated, which allows local users to obtain potentially sensitive information from kernel stack memory, via a HIDPCONNADD command. This vulnerability is similar to CVE-2011-1079. Signed-off-by: Young Xiao <YangX92@hotmail.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Cc: stable@vger.kernel.org

Diffstat (limited to 'drivers/bluetooth/btbcm.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: