[PATCH] macintosh:fix oob read in do_adb_query function
Greg KH
gregkh at linuxfoundation.org
Thu Jul 14 02:43:18 AEST 2022
On Wed, Jul 13, 2022 at 11:37:34PM +0800, Ning Qiang wrote:
> In do_adb_query function of drivers/macintosh/adb.c, req->data is copy
> form userland. the parameter "req->data[2]" is Missing check, the
> array size of adb_handler[] is 16, so "adb_handler[
> req->data[2]].original_address" and "adb_handler[
> req->data[2]].handler_id" will lead to oob read.
>
> Signed-off-by: Ning Qiang <sohu0106 at 126.com>
Cc: stable <stable at kernel.org>
Reviewed-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
More information about the Linuxppc-dev
mailing list