misc: mic: Fix for double fetch security bug in VOP driver - user/sven/linux.git

diff options

author	Ashutosh Dixit <ashutosh.dixit@intel.com>	2016-04-27 14:36:05 -0700
committer	Ben Hutchings <ben@decadent.org.uk>	2016-08-22 22:38:29 +0100
commit	72aaf646fb6b6f8f7befb44cbd5b1acd3bb5b483 (patch)
tree	370d8908f63390afda419a9ba0422d840446ff0d /include/linux
parent	c6287499662db0b0caee72d6453e445a2c6162af (diff)

misc: mic: Fix for double fetch security bug in VOP driver

commit 9bf292bfca94694a721449e3fd752493856710f6 upstream. The MIC VOP driver does two successive reads from user space to read a variable length data structure. Kernel memory corruption can result if the data structure changes between the two reads. This patch disallows the chance of this happening. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=116651 Reported by: Pengfei Wang <wpengfeinudt@gmail.com> Reviewed-by: Sudeep Dutt <sudeep.dutt@intel.com> Signed-off-by: Ashutosh Dixit <ashutosh.dixit@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> [bwh: Backported to 3.16: - Adjust filename, context - goto exit on failure] Signed-off-by: Ben Hutchings <ben@decadent.org.uk>

Diffstat (limited to 'include/linux')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: