APPLIED[J]: [SRU Bionic/Focal/Impish/Jammy] nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION
Andrea Righi
andrea.righi at canonical.com
Tue Apr 5 15:34:51 UTC 2022
On Tue, Apr 05, 2022 at 10:40:56AM -0300, Thadeu Lima de Souza Cascardo wrote:
> From: Jordy Zomer <jordy at pwning.systems>
>
> It appears that there are some buffer overflows in EVT_TRANSACTION.
> This happens because the length parameters that are passed to memcpy
> come directly from skb->data and are not guarded in any way.
>
> Signed-off-by: Jordy Zomer <jordy at pwning.systems>
> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski at canonical.com>
> Signed-off-by: David S. Miller <davem at davemloft.net>
> (cherry picked from commit 4fbcc1a4cb20fe26ad0225679c536c80f1648221)
> CVE-2022-26490
> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo at canonical.com>
Applied to jammy/linux.
Thanks,
-Andrea
More information about the kernel-team
mailing list