raspi/linux
1
0
Fork 1
mirror of https://github.com/raspberrypi/linux.git synced 2025-12-25 03:22:39 +00:00
Code Issues Projects Releases Wiki Activity
Files
8893b51a89600e6a8d7d79f397b6427edb508f7b
linux/net/bluetooth/hidp
History
Young Xiao c6d1f9b4b2 Bluetooth: hidp: fix buffer overflow 
commit a1616a5ac9 upstream.

Struct ca is copied from userspace. It is not checked whether the "name"
field is NULL terminated, which allows local users to obtain potentially
sensitive information from kernel stack memory, via a HIDPCONNADD command.

This vulnerability is similar to CVE-2011-1079.

Signed-off-by: Young Xiao <YangX92@hotmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-05-10 17:54:11 +02:00
..
core.c
Bluetooth: hidp: buffer overflow in hidp_process_report
2018-08-01 09:12:35 +02:00
hidp.h
HID: Bluetooth: hidp: make sure input buffers are big enough
2014-02-17 21:17:55 +01:00
Kconfig
Bluetooth: Introduce BT_BREDR and BT_LE config options
2014-11-02 10:01:53 +02:00
Makefile
Linux-2.6.12-rc2
2005-04-16 15:20:36 -07:00
sock.c
Bluetooth: hidp: fix buffer overflow
2019-05-10 17:54:11 +02:00