TWxSoftware/twx-linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
267d84449f
twx-linux/drivers/video
History
Kees Cook 2dc705a993 fbdev: color map copying bounds checking 
Copying color maps to userspace doesn't check the value of to->start,
which will cause kernel heap buffer OOB read due to signedness wraps.

CVE-2016-8405

Link: http://lkml.kernel.org/r/20170105224249.GA50925@beast
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Kees Cook <keescook@chromium.org>
Reported-by: Peter Pi (@heisecode) of Trend Micro
Cc: Min Chong <mchong@google.com>
Cc: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Tomi Valkeinen <tomi.valkeinen@ti.com>
Cc: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2017-01-24 16:26:14 -08:00
..
backlight backlight: pwm_bl: Handle gpio that can sleep 2016-10-06 09:27:26 +01:00
console Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
fbdev fbdev: color map copying bounds checking 2017-01-24 16:26:14 -08:00
logo treewide: replace obsolete _refok by __ref 2016-08-02 17:31:41 -04:00
display_timing.c
hdmi.c video: Add new aspect ratios for HDMI 2.0 2016-10-17 14:23:46 +02:00
Kconfig fbdev: sh_mipi_dsi: remove driver 2016-05-10 11:53:38 +03:00
Makefile
of_display_timing.c Merge branch 'drm/next/du' of git://linuxtv.org/pinchartl/media into drm-next 2016-11-16 09:39:21 +10:00
of_videomode.c video: Fix possible leak in of_get_videomode() 2015-08-10 15:11:12 +03:00
vgastate.c
videomode.c