25c23fe40e
commit 4fbcc1a4cb20fe26ad0225679c536c80f1648221 upstream. It appears that there are some buffer overflows in EVT_TRANSACTION. This happens because the length parameters that are passed to memcpy come directly from skb->data and are not guarded in any way. Signed-off-by: Jordy Zomer <jordy@pwning.systems> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Denis Efremov <denis.e.efremov@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|---|---|---|
| .. | ||
| fdp | ||
| microread | ||
| nfcmrvl | ||
| nxp-nci | ||
| pn533 | ||
| pn544 | ||
| s3fwrn5 | ||
| st-nci | ||
| st21nfca | ||
| st95hf | ||
| Kconfig | ||
| Makefile | ||
| mei_phy.c | ||
| mei_phy.h | ||
| nfcsim.c | ||
| port100.c | ||
| trf7970a.c | ||