shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-03-26 20:40:24 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
ccf4f2933df8bf3b7a070bfbb7b99fbff9fa63cf
linux/drivers
History
Zhang Xiaohui b35029a1f2 mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start 
[ Upstream commit 5c455c5ab3 ]

mwifiex_cmd_802_11_ad_hoc_start() calls memcpy() without checking
the destination size may trigger a buffer overflower,
which a local user could use to cause denial of service
or the execution of arbitrary code.
Fix it by putting the length check before calling memcpy().

Signed-off-by: Zhang Xiaohui <ruc_zhangxiaohui@163.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201206084801.26479-1-ruc_zhangxiaohui@163.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-01-09 13:43:48 +01:00
..
accessibility
acpi
ACPI: PNP: compare the string length in the matching_id()
2020-12-30 11:26:08 +01:00
amba
android
binder: fix UAF when releasing todo list
2020-10-29 09:54:56 +01:00
ata
ata: sata_nv: Fix retrieving of active qcs
2020-11-05 11:08:38 +01:00
atm
atm: nicstar: Unmap DMA on send error
2020-11-24 13:27:15 +01:00
auxdisplay
auxdisplay: panel: need to delete scan_timer when misc_register fails in panel_attach
2019-09-06 10:21:56 +02:00
base
PM: runtime: Resume the device earlier in __device_release_driver()
2020-11-10 12:36:01 +01:00
bcma
bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA
2020-01-27 14:51:09 +01:00
block
null_blk: Fix zone size initialization
2021-01-06 14:44:59 +01:00
bluetooth
Bluetooth: hci_h5: close serdev device and free hu in h5_close
2021-01-06 14:45:00 +01:00
bus
bus: fsl-mc: fix error return code in fsl_mc_object_allocate()
2020-12-30 11:26:02 +01:00
cdrom
cdrom: respect device capabilities during opening action
2020-01-04 19:13:12 +01:00
char
random32: make prandom_u32() output unpredictable
2020-11-18 19:18:52 +01:00
clk
clk: mvebu: a3700: fix the XTAL MODE pin to MPP1_9
2020-12-30 11:26:16 +01:00
clocksource
clocksource/drivers/arm_arch_timer: Correct fault programming of CNTKCTL_EL1.EVNTI
2020-12-30 11:26:00 +01:00
connector
connector: fix unsafe usage of ->real_parent
2019-03-19 13:12:38 +01:00
cpufreq
cpufreq: scpi: Add missing MODULE_ALIAS
2020-12-30 11:26:01 +01:00
cpuidle
cpuidle: Fixup IRQ state
2020-09-09 19:04:23 +02:00
crypto
crypto: omap-aes - Fix PM disable depth imbalance in omap_aes_probe
2020-12-30 11:25:55 +01:00
dax
mm/huge_memory: fix vmf_insert_pfn_{pmd, pud}() crash, handle unaligned addresses
2019-05-22 07:37:40 +02:00
dca
devfreq
PM / devfreq: tegra30: Fix integer overflow on CPU's freq max out
2020-10-01 13:14:26 +02:00
dio
dma
dmaengine: at_hdmac: add missing kfree() call in at_dma_xlate()
2021-01-09 13:43:47 +01:00
dma-buf
dma-fence: Serialise signal enabling (dma_fence_enable_sw_signaling)
2020-10-01 13:14:24 +02:00
edac
EDAC/amd64: Fix PCI component registration
2020-12-30 11:26:10 +01:00
eisa
extcon
extcon: max77693: Fix modalias string
2020-12-30 11:26:03 +01:00
firewire
net: add annotations on hh->hh_len lockless accesses
2020-01-09 10:19:09 +01:00
firmware
firmware: arm_sdei: Use cpus_read_lock() to avoid races with cpuhp
2020-10-01 13:14:35 +02:00
fmc
fpga
fpga: dfl: fix bug in port reset handshake
2020-07-29 10:16:48 +02:00
fsi
fsi: sbefifo: Don't fail operations when in SBE IPL state
2020-01-27 14:51:00 +01:00
gnss
gnss: sirf: fix error return code in sirf_probe()
2020-06-22 09:05:28 +02:00
gpio
gpio: eic-sprd: break loop when getting NULL device resource
2020-12-30 11:25:45 +01:00
gpu
drm/dp_aux_dev: check aux_dev before use in drm_dp_aux_dev_get_by_minor()
2020-12-30 11:26:13 +01:00
hid
HID: i2c-hid: add Vero K147 to descriptor override
2020-12-30 11:25:48 +01:00
hsi
HSI: omap_ssi: Don't jump to free ID in ssi_add_controller()
2020-12-30 11:25:57 +01:00
hv
hv_balloon: disable warning when floor reached
2020-11-18 19:18:41 +01:00
hwmon
hwmon: (pmbus/max34440) Fix status register reads for MAX344{51,60,61}
2020-10-29 09:55:02 +01:00
hwspinlock
hwtracing
coresight: tmc-etr: Check if page is valid before dma_map_page()
2020-12-30 11:25:48 +01:00
i2c
i2c: qup: Fix error return code in qup_i2c_bam_schedule_desc()
2020-12-11 13:25:04 +01:00
ide
ide: serverworks: potential overflow in svwks_set_pio_mode()
2020-02-24 08:34:49 +01:00
idle
x86/cpu: Sanitize FAM6_ATOM naming
2019-05-14 19:17:53 +02:00
iio
iio:magnetometer:mag3110: Fix alignment and data leak issues.
2021-01-09 13:43:48 +01:00
infiniband
RDMA/cxgb4: Validate the number of CQEs
2020-12-30 11:25:56 +01:00
input
Input: cyapa_gen6 - fix out-of-bounds stack access
2020-12-30 11:26:07 +01:00
iommu
iommu/amd: Set DTE[IntTabLen] to represent 512 IRTEs
2020-12-11 13:25:03 +01:00
ipack
ipack: tpci200: fix error return code in tpci200_register()
2020-05-27 17:37:43 +02:00
irqchip
irqchip/alpine-msi: Fix freeing of interrupts on allocation error path
2020-12-30 11:26:03 +01:00
isdn
PCI: add USR vendor id and use it in r8169 and w6692 driver
2020-06-22 09:05:23 +02:00
leds
leds: bcm6328, bcm6358: use devres LED registering function
2020-11-05 11:08:46 +01:00
lightnvm
lightnvm: pblk: fix lock order in pblk_rb_tear_down_check
2020-01-27 14:50:45 +01:00
macintosh
drivers/macintosh: Fix memleak in windfarm_pm112 driver
2020-06-22 09:05:29 +02:00
mailbox
mailbox: avoid timer start from callback
2020-10-30 10:38:21 +01:00
mcb
md
dm verity: skip verity work if I/O error when system is shutting down
2021-01-06 14:45:01 +01:00
media
media: gp8psk: initialize stats at power control logic
2021-01-06 14:45:00 +01:00
memory
memory: emif: Remove bogus debugfs error handling
2020-11-05 11:08:45 +01:00
memstick
memstick: r592: Fix error return in r592_probe()
2020-12-30 11:26:00 +01:00
message
scsi: mptfusion: Fix null pointer dereferences in mptscsih_remove()
2020-11-05 11:08:47 +01:00
mfd
mfd: sprd: Add wakeup capability for PMIC IRQ
2020-11-18 19:18:46 +01:00
misc
misc: vmw_vmci: fix kernel info-leak by initializing dbells in vmci_ctx_get_chkpt_doorbells()
2021-01-06 14:45:00 +01:00
mmc
mmc: block: Fixup condition for CMD13 polling for RPMB requests
2020-12-30 11:25:39 +01:00
mtd
Revert "mtd: spinand: Fix OOB read"
2021-01-09 13:43:47 +01:00
mux
net
mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start
2021-01-09 13:43:48 +01:00
nfc
nfc: s3fwrn5: Release the nfc firmware
2020-12-30 11:26:04 +01:00
ntb
NTB: hw: amd: fix an issue about leak system resources
2020-10-30 10:38:25 +01:00
nubus
nvdimm
libnvdimm/namespace: Fix reaping of invalidated block-window-namespace labels
2020-12-30 11:26:17 +01:00
nvme
nvme: free sq/cq dbbuf pointers when dbbuf set fails
2020-12-02 08:48:09 +01:00
nvmem
nvmem: qfprom: remove incorrect write support
2020-06-10 21:35:00 +02:00
of
of/address: Fix of_node memory leak in of_dma_is_coherent
2020-11-18 19:18:48 +01:00
opp
OPP: Fix missing debugfs supply directory for OPPs
2020-01-27 14:50:04 +01:00
oprofile
parisc
parisc: mask out enable and reserved bits from sba imask
2020-08-19 08:15:07 +02:00
parport
parport: load lowlevel driver if ports not found
2019-12-31 16:36:01 +01:00
pci
PCI: Fix pci_slot_release() NULL pointer dereference
2020-12-30 11:26:17 +01:00
pcmcia
perf
drivers/perf: xgene_pmu: Fix uninitialized resource struct
2020-10-29 09:55:00 +01:00
phy
phy: tegra: xusb: Fix dangling pointer on probe failure
2020-12-02 08:48:10 +01:00
pinctrl
pinctrl: sunxi: Always call chained_irq_{enter, exit} in sunxi_pinctrl_irq_handler
2020-12-30 11:26:16 +01:00
platform
platform/x86: mlx-platform: remove an unused variable
2020-12-30 11:26:17 +01:00
pnp
power
power: supply: bq24190_charger: fix reference leak
2020-12-30 11:25:57 +01:00
powercap
powercap: restrict energy meter to root access
2020-11-10 21:11:27 +01:00
pps
drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl
2019-08-04 09:30:56 +02:00
ps3
powerpc/ps3: use dma_mapping_error()
2020-12-30 11:26:04 +01:00
ptp
ptp: free ptp device pin descriptors properly
2020-01-23 08:21:35 +01:00
pwm
pwm: lp3943: Dynamically allocate PWM chip base
2020-12-30 11:26:05 +01:00
rapidio
rapidio: fix the missed put_device() for rio_mport_add_riodev
2020-10-30 10:38:21 +01:00
ras
RAS/CEC: Fix pfn insertion
2019-07-26 09:14:05 +02:00
regulator
regulator: workaround self-referent regulators
2020-11-24 13:27:25 +01:00
remoteproc
remoteproc: qcom: q6v5: Update running state before requesting stop
2020-08-21 11:05:34 +02:00
reset
reset: uniphier: Add SCSSI reset control for each channel
2020-02-24 08:34:44 +01:00
rpmsg
rpmsg: glink: Use complete_all for open states
2020-11-05 11:08:43 +01:00
rtc
rtc: sun6i: Fix memleak in sun6i_rtc_clk_init
2021-01-06 14:45:01 +01:00
s390
s390/dasd: fix list corruption of lcu list
2020-12-30 11:26:10 +01:00
sbus
scsi
scsi: lpfc: Re-fix use after free in lpfc_rq_buf_free()
2020-12-30 11:26:15 +01:00
sfi
sh
siox
slimbus
slimbus: qcom-ngd-ctrl: Avoid sending power requests without QMI
2020-12-30 11:25:57 +01:00
sn
soc
soc: qcom: smp2p: Safely acquire spinlock without IRQs
2020-12-30 11:26:14 +01:00
soundwire
soundwire: intel: fix PDI/stream mapping for Bulk
2019-12-31 16:35:55 +01:00
spi
spi: st-ssc4: Fix unbalanced pm_runtime_disable() in probe error path
2020-12-30 11:26:14 +01:00
spmi
ssb
ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit
2019-05-31 06:46:04 -07:00
staging
spi: mt7621: fix missing clk_disable_unprepare() on error in mt7621_spi_probe
2020-12-30 11:26:14 +01:00
target
scsi: target: iscsi: Fix cmd abort fabric stop race
2020-12-02 08:48:10 +01:00
tc
tee
optee: add writeback to valid memory type
2020-12-02 08:48:12 +01:00
thermal
thermal: rcar_thermal: Handle probe error gracefully
2020-10-01 13:14:39 +02:00
thunderbolt
thunderbolt: Add the missed ida_simple_remove() in ring_request_msix()
2020-11-18 19:18:49 +01:00
tty
serial_core: Check for port state when tty is in error state
2020-12-30 11:25:48 +01:00
uio
uio: Fix use-after-free in uio_unregister_device()
2020-11-18 19:18:49 +01:00
usb
USB: serial: keyspan_pda: fix write unthrottling
2020-12-30 11:26:11 +01:00
uwb
vfio
vfio/pci: Move dummy_resources_list init in vfio_pci_probe()
2021-01-06 14:44:59 +01:00
vhost
vringh: fix __vringh_iov() when riov and wiov are different
2020-11-05 11:08:53 +01:00
video
video: fbdev: atmel_lcdfb: fix return error code in atmel_lcdfb_of_init()
2020-12-30 11:25:54 +01:00
virt
drivers/virt/fsl_hypervisor: Fix error handling path
2020-10-29 09:55:09 +01:00
virtio
virtio_ring: Avoid loop when vq is broken in virtqueue_poll
2020-08-26 10:31:01 +02:00
visorbus
visorbus: fix uninitialized variable access
2020-02-24 08:34:47 +01:00
vlynq
vme
vme: bridges: reduce stack usage
2020-02-24 08:34:47 +01:00
w1
w1: mxc_w1: Fix timeout resolution problem leading to bus error
2020-11-05 11:08:47 +01:00
watchdog
watchdog: coh901327: add COMMON_CLK dependency
2020-12-30 11:26:05 +01:00
xen
xen/gntdev.c: Mark pages as dirty
2021-01-06 14:44:59 +01:00
zorro
Kconfig
Makefile