mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-02 23:27:06 +00:00
Code Issues Releases Wiki Activity
linux-stable/drivers/staging
History
Qiujun Huang b2f60325a3 staging: wlan-ng: fix use-after-free Read in hfa384x_usbin_callback 
commit 1165dd73e8 upstream.

We can't handle the case length > WLAN_DATA_MAXLEN.
Because the size of rxfrm->data is WLAN_DATA_MAXLEN(2312), and we can't
read more than that.

Thanks-to: Hillf Danton <hdanton@sina.com>
Reported-and-tested-by: syzbot+7d42d68643a35f71ac8a@syzkaller.appspotmail.com
Signed-off-by: Qiujun Huang <hqjagain@gmail.com>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200326131850.17711-1-hqjagain@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-04-02 15:28:21 +02:00
..
android staging: android: ashmem: Disallow ashmem memory from being remapped 2020-02-28 16:38:45 +01:00
axis-fifo
board
clocking-wizard
comedi staging: comedi: ni_mio_common: protect register write overflow 2020-01-27 14:49:58 +01:00
dgnc
emxx_udc
erofs erofs: zero out when listxattr is called with no xattr 2019-12-17 20:35:00 +01:00
fbtft fbtft: Make sure string is NULL terminated 2019-12-31 16:36:10 +01:00
fsl-dpaa2 staging: fsl-dpaa2/ethsw: fix memory leak of switchdev_work 2019-07-14 08:11:22 +02:00
fwserial
gasket staging: gasket: apex: fix copy-paste typo 2019-08-16 10:12:37 +02:00
gdm724x
goldfish
greybus staging: greybus: loopback_test: fix potential path truncations 2020-03-25 08:06:15 +01:00
gs_fpgaboot
iio Staging: iio: adt7316: Fix i2c data reading, set the data field 2019-12-13 08:51:26 +01:00
ks7010
media media: imx: work around false-positive warning, again 2019-11-20 18:47:16 +01:00
most staging: most: net: fix buffer overflow 2020-02-01 09:37:02 +00:00
mt29f_spinand
mt7621-dma
mt7621-dts
mt7621-eth
mt7621-mmc
mt7621-pci
mt7621-pinctrl staging: mt7621-pinctrl: use pinconf-generic for 'dt_node_to_map' and 'dt_free_map' 2019-11-06 13:05:27 +01:00
mt7621-spi
netlogic
nvec
octeon
octeon-usb
olpc_dcon
pi433
rtl8188eu staging: rtl8188eu: Add ASUS USB-N10 Nano B1 to device table 2020-04-02 15:28:21 +02:00
rtl8192e staging: rtl8192e: fix potential use after free 2019-12-05 09:21:26 +01:00
rtl8192u staging: rtl8192u: fix multiple memory leaks on error path 2019-12-31 16:34:48 +01:00
rtl8712 staging: rtl8712: fix interface sanity check 2019-12-17 20:34:31 +01:00
rtl8723bs staging: rtl8723bs: fix copy of overlapping memory 2020-02-28 16:38:59 +01:00
rtlwifi staging: rtlwifi: Use proper enum for return in halmac_parse_psd_data_88xx 2020-01-27 14:50:26 +01:00
rts5208
sm750fb
speakup staging/speakup: fix get_word non-space look-ahead 2020-03-25 08:06:11 +01:00
unisys
vboxvideo
vc04_services staging: bcm2835-camera: fix module autoloading 2020-01-27 14:50:05 +01:00
vme
vt6655 staging: vt6655: Fix memory leak in vt6655_probe 2019-10-17 13:45:11 -07:00
vt6656 staging: vt6656: fix sign of rx_dbm to bb_pre_ed_rssi. 2020-02-28 16:38:45 +01:00
wilc1000 staging: wilc1000: fix error path cleanup in wilc_wlan_initialize() 2019-09-16 08:22:17 +02:00
wlan-ng staging: wlan-ng: fix use-after-free Read in hfa384x_usbin_callback 2020-04-02 15:28:21 +02:00
xgifb
Kconfig
Makefile