ACK: [CVE-2016-8405][PATCH T/Y] fbdev: color map copying bounds checking

Seth Forshee seth.forshee at canonical.com
Wed Jul 12 13:59:26 UTC 2017


On Mon, Jul 03, 2017 at 12:18:51PM +0800, Po-Hsu Lin wrote:
> From: Kees Cook <keescook at chromium.org>
> 
> Copying color maps to userspace doesn't check the value of to->start,
> which will cause kernel heap buffer OOB read due to signedness wraps.
> 
> CVE-2016-8405
> 
> Link: http://lkml.kernel.org/r/20170105224249.GA50925@beast
> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> Signed-off-by: Kees Cook <keescook at chromium.org>
> Reported-by: Peter Pi (@heisecode) of Trend Micro
> Cc: Min Chong <mchong at google.com>
> Cc: Dan Carpenter <dan.carpenter at oracle.com>
> Cc: Tomi Valkeinen <tomi.valkeinen at ti.com>
> Cc: Bartlomiej Zolnierkiewicz <b.zolnierkie at samsung.com>
> Cc: <stable at vger.kernel.org>
> Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
> Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
> (cherry picked from commit 2dc705a9930b4806250fbf5a76e55266e59389f2)
> 
> Signed-off-by: Po-Hsu Lin <po-hsu.lin at canonical.com>

Acked-by: Seth Forshee <seth.forshee at canonical.com>
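
The signedness wrap described in the quoted commit message, as an added example that is not part of this thread or the kernel source: a user-space model of the offset arithmetic, unchecked beside checked. `struct cmap`, `plan_signed` and `plan_checked` are hypothetical names, and the unchecked arithmetic is an assumed reconstruction from the description, not the driver's code.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical stand-in for a color map header: first index and entry count. */
struct cmap { uint32_t start, len; };

/* Unchecked model (assumed): signed offsets, so a huge to->start goes negative. */
int plan_signed(const struct cmap *from, const struct cmap *to,
                long *fromoff_out, long *count_out)
{
    int tooff = 0, fromoff = 0, size;
    if (to->start > from->start)
        fromoff = (int)(to->start - from->start);   /* wraps above INT_MAX */
    else
        tooff = (int)(from->start - to->start);
    size = (int)to->len - tooff;
    if (size > (int)(from->len - (uint32_t)fromoff))
        size = (int)(from->len - (uint32_t)fromoff);
    if (size <= 0)
        return -1;                  /* the only rejection path */
    *fromoff_out = fromoff;         /* negative: source index before the map */
    *count_out = size;
    return 0;
}

/* Checked model: unsigned offsets, each validated against its map length. */
int plan_checked(const struct cmap *from, const struct cmap *to,
                 size_t *fromoff_out, size_t *count_out)
{
    uint32_t tooff = 0, fromoff = 0, a, b;
    if (to->start > from->start)
        fromoff = to->start - from->start;
    else
        tooff = from->start - to->start;
    if (fromoff >= from->len || tooff >= to->len)
        return -1;                  /* offset lies outside one of the maps */
    a = to->len - tooff;            /* cannot wrap after the check above */
    b = from->len - fromoff;
    *fromoff_out = fromoff;
    *count_out = a < b ? a : b;
    return 0;
}

int main(void)
{
    struct cmap from = { 0, 256 }, to = { 0xFFFFFF00u, 16 };  /* constructed input */
    long so, sc; size_t uo, uc;
    return !(plan_signed(&from, &to, &so, &sc) == 0 && plan_checked(&from, &to, &uo, &uc) == -1);
}
```

With the constructed input, the unchecked model accepts a source offset of -256 entries, while the checked model refuses the request before computing a length.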



