linux-stable/drivers
Larry Finger de63cd8b55 staging: rtl8188eu: Fix potential overuse of kernel memory
commit 4ddf8ab8d1 upstream.

In routine wpa_supplicant_ioctl(), the user-controlled p->length is
checked to be at least the size of struct ieee_param size, but the code
does not detect the case where p->length is greater than the size
of the struct, thus a malicious user could be wasting kernel memory.
Fixes commit a2c60d42d9 ("Add files for new driver - part 16").

Reported by: Pietro Oliva <pietroliva@gmail.com>
Cc: Pietro Oliva <pietroliva@gmail.com>
Cc: Stable <stable@vger.kernel.org>
Fixes commit a2c60d42d9 ("Add files for new driver - part 16").
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Link: https://lore.kernel.org/r/20200210180235.21691-4-Larry.Finger@lwfinger.net
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-02-28 17:22:17 +01:00
..
accessibility
acpi ACPI: button: Add DMI quirk for Razer Blade Stealth 13 late 2019 lid switch 2020-02-24 08:36:43 +01:00
amba
android binder: fix log spam for existing debugfs file creation. 2020-02-01 09:34:35 +00:00
ata libata: Fix retrieving of active qcs 2020-01-09 10:19:59 +01:00
atm fore200e: Fix incorrect checks of NULL pointer dereference 2020-02-24 08:36:36 +01:00
auxdisplay
base driver core: platform: fix u32 greater or equal to zero comparison 2020-02-24 08:36:55 +01:00
bcma
block floppy: check FDC index for errors before assigning it 2020-02-28 17:22:14 +01:00
bluetooth Bluetooth: btusb: Disable runtime suspend on Realtek devices 2020-02-11 04:35:09 -08:00
bus bus: ti-sysc: Implement quirk handling for CLKDM_NOAUTO 2020-02-24 08:36:35 +01:00
cdrom cdrom: respect device capabilities during opening action 2020-01-04 19:18:25 +01:00
char tpm: Initialize crypto_id of allocated_banks to HASH_ALGO__LAST 2020-02-28 17:22:13 +01:00
clk clk: uniphier: Add SCSSI clock gate for each channel 2020-02-24 08:36:42 +01:00
clocksource clocksource: davinci: only enable clockevents once tim34 is initialized 2020-02-24 08:36:46 +01:00
connector
counter
cpufreq cpufreq: Avoid creating excessively large stack frames 2020-02-11 04:35:25 -08:00
cpuidle cpuidle: teo: Avoid using "early hits" incorrectly 2020-02-05 21:22:52 +00:00
crypto crypto: chtls - Fixed memory leak 2020-02-24 08:36:40 +01:00
dax
dca
devfreq PM / devfreq: rk3399_dmc: Add COMPILE_TEST and HAVE_ARM_SMCCC dependency 2020-02-24 08:36:41 +01:00
dio
dma dmaengine: imx-sdma: Fix memory leak 2020-02-24 08:36:40 +01:00
dma-buf dma-buf: Fix memory leak in sync_file_merge() 2019-12-21 11:04:48 +01:00
edac EDAC/sifive: Fix return value check in ecc_register() 2020-02-24 08:36:51 +01:00
eisa
extcon extcon-intel-cht-wc: Don't reset USB data connection at probe 2020-02-01 09:34:46 +00:00
firewire net: add annotations on hh->hh_len lockless accesses 2020-01-09 10:20:06 +01:00
firmware firmware: arm_scmi: Fix doorbell ring logic for !CONFIG_64BIT 2020-01-26 10:01:07 +01:00
fpga
fsi fsi: core: Fix small accesses and unaligned offsets via sysfs 2019-12-31 16:45:09 +01:00
gnss
gpio gpiolib: Set lockdep class for hierarchical irq domains 2020-02-24 08:36:49 +01:00
gpu drm/amdgpu/display: handle multiple numbers of fclks in dcn_calcs.c (v2) 2020-02-24 08:37:03 +01:00
greybus
hid HID: steam: Fix input device disappearing 2020-02-01 09:34:46 +00:00
hsi
hv hv_balloon: Balloon up according to request page number 2020-02-11 04:35:21 -08:00
hwmon hwmon: (pmbus/ltc2978) Fix PMBus polling of MFR_COMMON definitions. 2020-02-19 19:53:07 +01:00
hwspinlock
hwtracing intel_th: msu: Fix window switching without windows 2019-12-31 16:46:09 +01:00
i2c i2c: stm32f7: report dma error during probe 2020-01-26 10:01:06 +01:00
i3c
ide ide: serverworks: potential overflow in svwks_set_pio_mode() 2020-02-24 08:36:53 +01:00
idle
iio iio: st_gyro: Correct data for LSM9DS0 gyro 2020-02-01 09:34:36 +00:00
infiniband RDMA/mlx5: Don't fake udata for kernel path 2020-02-24 08:36:51 +01:00
input Input: edt-ft5x06 - work around first register access error 2020-02-24 08:36:45 +01:00
interconnect interconnect: qcom: qcs404: Walk the list safely on node removal 2019-12-17 19:55:39 +01:00
iommu iommu/qcom: Fix bogus detach logic 2020-02-28 17:22:12 +01:00
ipack
irqchip irqchip/gic-v3-its: Reference to its_invall_cmd descriptor when building INVALL 2020-02-24 08:37:01 +01:00
isdn
leds leds: pca963x: Fix open-drain initialization 2020-02-24 08:36:24 +01:00
lightnvm
macintosh
mailbox mailbox: imx: Fix Tx doorbell shutdown path 2020-01-04 19:18:30 +01:00
mcb
md bcache: properly initialize 'path' and 'err' in register_bcache() 2020-02-24 08:37:03 +01:00
media media: uvcvideo: Add a quirk to force GEO GC6500 Camera bits-per-pixel value 2020-02-24 08:36:56 +01:00
memory memory: mtk-smi: Add PM suspend and resume ops 2020-01-17 19:48:59 +01:00
memstick
message scsi: mptfusion: Fix double fetch bug in ioctl 2020-01-23 08:22:35 +01:00
mfd mfd: max77650: Select REGMAP_IRQ in Kconfig 2020-02-14 16:34:19 -05:00
misc misc: xilinx_sdfec: fix xsdfec_poll()'s return type 2020-02-24 08:36:47 +01:00
mmc mmc: core: Rework wp-gpio handling 2020-02-19 19:53:10 +01:00
mtd mtd: sharpslpart: Fix unsigned comparison to zero 2020-02-14 16:34:18 -05:00
mux
net e1000e: Use rtnl_lock to prevent race conditions between net and pci/pm 2020-02-28 17:22:14 +01:00
nfc NFC: port100: Convert cpu_to_le16(le16_to_cpu(E1) + E2) to use le16_add_cpu(). 2020-02-24 08:36:33 +01:00
ntb
nubus
nvdimm libnvdimm/btt: fix variable 'rc' set but not used 2020-01-04 19:18:12 +01:00
nvme nvme-pci: remove nvmeq->tags 2020-02-24 08:37:01 +01:00
nvmem nvmem: core: fix memory abort in cleanup path 2020-02-11 04:35:21 -08:00
of of: Add OF_DMA_DEFAULT_COHERENT & select it on powerpc 2020-02-11 04:35:25 -08:00
opp opp: Free static OPPs on errors while adding them 2020-02-24 08:36:34 +01:00
oprofile
parisc
parport parport: load lowlevel driver if ports not found 2019-12-31 16:45:25 +01:00
pci PCI: Add DMA alias quirk for PLX PEX NTB 2020-02-24 08:36:37 +01:00
pcmcia
perf perf/imx_ddr: Fix cpu hotplug state cleanup 2020-02-24 08:36:49 +01:00
phy phy: qualcomm: Adjust indentation in read_poll_timeout 2020-02-11 04:35:45 -08:00
pinctrl pinctrl: sh-pfc: sh7269: Fix CAN function GPIOs 2020-02-24 08:36:41 +01:00
platform platform/x86: intel_mid_powerbtn: Take a copy of ddata 2020-02-14 16:34:12 -05:00
pnp
power power: supply: ltc2941-battery-gauge: fix use-after-free 2020-02-11 04:35:24 -08:00
powercap powercap: intel_rapl: add NULL pointer check to rapl_mmio_cpu_online() 2020-01-14 20:08:18 +01:00
pps
ps3
ptp ptp: free ptp device pin descriptors properly 2020-01-23 08:22:51 +01:00
pwm pwm: Remove set but not set variable 'pwm' 2020-02-24 08:36:53 +01:00
rapidio
ras
regulator regulator: core: Fix exported symbols to the exported GPL version 2020-02-24 08:36:54 +01:00
remoteproc remoteproc: Initialize rproc_class before use 2020-02-24 08:36:54 +01:00
reset reset: uniphier: Add SCSSI reset control for each channel 2020-02-24 08:36:41 +01:00
rpmsg rpmsg: char: release allocated memory 2020-01-14 20:08:37 +01:00
rtc rtc: Kconfig: select REGMAP_I2C when necessary 2020-02-24 08:37:03 +01:00
s390 s390/pkey: fix missing length of protected key on return 2020-02-19 19:53:04 +01:00
sbus
scsi scsi: iscsi: Don't destroy session if there are outstanding connections 2020-02-24 08:36:50 +01:00
sfi
sh
siox
slimbus
soc soc/tegra: fuse: Correct straps' address for older Tegra124 device trees 2020-02-24 08:36:45 +01:00
soundwire soundwire: intel: fix PDI/stream mapping for Bulk 2019-12-31 16:45:11 +01:00
spi spi: spi-fsl-qspi: Ensure width is respected in spi-mem operations 2020-02-24 08:36:54 +01:00
spmi spmi: pmic-arb: Set lockdep class for hierarchical irq domains 2020-02-19 19:53:07 +01:00
ssb
staging staging: rtl8188eu: Fix potential overuse of kernel memory 2020-02-28 17:22:17 +01:00
target scsi: Revert "target/core: Inline transport_lun_remove_cmd()" 2020-02-28 17:22:17 +01:00
tc
tee tee: optee: Fix compilation issue with nommu 2020-02-05 21:22:49 +00:00
thermal thermal: Fix deadlock in thermal thermal_zone_device_check 2019-12-13 08:43:21 +01:00
thunderbolt thunderbolt: Prevent crash if non-active NVMem file is read 2020-02-28 17:22:13 +01:00
tty vt: vt_ioctl: fix race in VT_RESIZEX 2020-02-28 17:22:14 +01:00
uio uio: fix a sleep-in-atomic-context bug in uio_dmem_genirq_irqcontrol() 2020-02-24 08:36:27 +01:00
usb usb: dwc3: debug: fix string position formatting mixup with ret and len 2020-02-28 17:22:16 +01:00
vfio vfio/spapr/nvlink2: Skip unpinning pages on error exit 2020-02-24 08:36:43 +01:00
vhost vhost/vsock: accept only packets with the right dst_cid 2020-01-04 19:19:18 +01:00
video pxa168fb: Fix the function used to release some memory in an error handling path 2020-02-24 08:36:25 +01:00
virt
virtio virtio_balloon: prevent pfn array overflow 2020-02-24 08:37:03 +01:00
visorbus visorbus: fix uninitialized variable access 2020-02-24 08:36:47 +01:00
vlynq
vme vme: bridges: reduce stack usage 2020-02-24 08:36:48 +01:00
w1
watchdog drivers: watchdog: stm32_iwdg: set WDOG_HW_RUNNING at probe 2020-02-14 16:34:18 -05:00
xen xen/balloon: Support xend-based toolstack take two 2020-02-11 04:35:36 -08:00
zorro
Kconfig
Makefile