shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-06-08 11:50:43 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
166414a886583e37bfcc3eca6118587330855bcd
linux/net
History
Hanjie Lin 6933bb77ea RAVENPLAT-247:Kernel components bluetooth - CVE-2018-9363[1/1] 
PD#SWPL-15901

Problem:
In the hidp_process_report in bluetooth, there is an integer overflow.
This could lead to an out of bounds write with no additional execution
privileges needed.  User interaction is not needed for exploitation.

Solution:
The fix is designed to make the length an unsigned integer and prevent
the overflow condition.

Platform:
Raven

Verify:
Raven

Change-Id: I2f7b2c5aea90120777177a4bdf238110e2ec22e2
Signed-off-by: Hanjie Lin <hanjie.lin@amlogic.com>
2020-12-17 17:32:08 +09:00
..
6lowpan
9p
9p/trans_virtio: discard zero-length reply
2018-02-22 15:43:50 +01:00
802
8021q
vlan: also check phy_driver ts_info for vlan's real device
2018-04-13 19:48:34 +02:00
appletalk
atm
net: atm: Fix potential Spectre v1
2018-05-16 10:08:44 +02:00
ax25
ax25: Fix segfault after sock connection timeout
2017-02-04 09:47:09 +01:00
batman-adv
batman-adv: fix packet loss for broadcasted DHCP packets to a server
2018-05-30 07:50:38 +02:00
bluetooth
RAVENPLAT-247:Kernel components bluetooth - CVE-2018-9363[1/1]
2020-12-17 17:32:08 +09:00
bridge
Merge 4.9.113 into android-4.9
2018-07-17 12:36:18 +02:00
caif
net: caif: Fix a sleep-in-atomic bug in cfpkt_create_pfx
2017-07-05 14:40:14 +02:00
can
can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once
2018-01-31 12:55:50 +01:00
ceph
libceph: validate con->state at the top of try_write()
2018-05-01 15:13:09 -07:00
core
Merge 4.9.108 into android-4.9
2018-06-13 16:37:10 +02:00
dcb
net: dcb: set error code on failures
2016-12-03 23:54:25 -05:00
dccp
Merge branch 'android-4.9' into amlogic-4.9-dev
2018-08-07 14:43:24 +08:00
decnet
dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock
2018-02-25 11:05:44 +01:00
dns_resolver
Merge 4.9.97 into android-4.9
2018-04-30 06:05:25 -07:00
dsa
net: dsa: select NET_SWITCHDEV
2017-11-15 15:53:17 +01:00
ethernet
net: introduce device min_header_len
2017-02-18 15:11:43 +01:00
hsr
hsr: fix incorrect warning
2018-04-13 19:48:29 +02:00
ieee802154
net: ieee802154: fix net_device reference release too early
2018-04-13 19:48:04 +02:00
ipv4
Amlogic: sync the code from mainline. [1/1]
2020-02-04 13:48:58 +09:00
ipv6
Merge 4.9.113 into android-4.9
2018-07-17 12:36:18 +02:00
ipx
ipx: call ipxitf_put() in ioctl error path
2017-05-25 15:44:41 +02:00
irda
Amlogic: sync the code from mainline. [1/1]
2020-02-04 13:48:58 +09:00
iucv
net/iucv: Free memory obtained by kzalloc
2018-03-31 18:11:34 +02:00
kcm
kcm: Fix use-after-free caused by clonned sockets
2018-06-13 16:16:42 +02:00
key
af_key: Always verify length of provided sadb_key
2018-06-16 09:52:32 +02:00
l2tp
Amlogic: sync the code from mainline. [1/1]
2020-02-04 13:48:58 +09:00
l3mdev
lapb
llc
llc: properly handle dev_queue_xmit() return value
2018-05-30 07:50:39 +02:00
mac80211
Merge branch 'android-4.9' into amlogic-4.9-dev
2018-08-07 14:43:24 +08:00
mac802154
mpls
mpls, nospec: Sanitize array index in mpls_label_ok()
2018-03-11 16:21:34 +01:00
ncsi
net/ncsi: Improve HNCDSC AEN handler
2016-10-20 11:23:08 -04:00
netfilter
Merge 4.9.113 into android-4.9
2018-07-17 12:36:18 +02:00
netlabel
netlabel: If PF_INET6, check sk_buff ip header version
2018-05-30 07:50:51 +02:00
netlink
netlink: fix uninit-value in netlink_sendmsg
2018-05-16 10:08:40 +02:00
netrom
nfc
Merge 4.9.104 into android-4.9
2018-05-30 13:19:56 +02:00
openvswitch
openvswitch: Remove padding from packet before L3+ conntrack processing
2018-05-30 07:50:23 +02:00
packet
packet: fix reserve calculation
2018-06-13 16:16:42 +02:00
phonet
qrtr
qrtr: add MODULE_ALIAS macro to smd
2018-05-30 07:50:32 +02:00
rds
RDS: IB: Fix null pointer issue
2018-05-30 07:50:25 +02:00
rfkill
Merge 4.9.100 into android-4.9
2018-05-16 11:39:34 +02:00
rose
rxrpc
rxrpc: Don't treat call aborts as conn aborts
2018-05-30 07:50:42 +02:00
sched
net/sched: act_simple: fix parsing of TCA_DEF_DATA
2018-06-26 08:08:06 +08:00
sctp
sctp: not allow transport timeout value less than HZ/5 for hb_timer
2018-06-13 16:16:43 +02:00
strparser
strparser: Fix incorrect strp->need_bytes value.
2018-04-29 11:32:02 +02:00
sunrpc
Merge 4.9.96 into android-4.9
2018-04-24 11:26:46 +02:00
switchdev
switchdev: Execute bridge ndos only for bridge ports
2016-10-19 10:58:04 -04:00
tipc
tipc: add policy for TIPC_NLA_NET_ADDR
2018-04-29 11:32:01 +02:00
unix
19af5c5 dtv_demod: add AGC control for board t309 [1/1]
2019-05-06 21:14:10 +08:00
vmw_vsock
vsock: cancel packets when failing to connect
2017-12-25 14:23:38 +01:00
wimax
wireless
Merge branch 'android-4.9' into amlogic-4.9-dev
2018-08-07 14:43:24 +08:00
x25
net: x25: fix one potential use-after-free issue
2018-04-13 19:48:00 +02:00
xfrm
Merge branch 'android-4.9' into amlogic-4.9-dev
2018-08-07 14:43:24 +08:00
compat.c
net: support compat 64-bit time in {s,g}etsockopt
2018-05-19 10:26:58 +02:00
Kconfig
add support for clang Control Flow Integrity (CFI)
2018-02-28 15:09:58 -08:00
Makefile
socket.c
Amlogic: sync the code from mainline. [1/1]
2020-02-04 13:48:58 +09:00
sysctl_net.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
2016-10-06 09:52:23 -07:00