Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 2cad8aa2 authored by Terence Ho's avatar Terence Ho Committed by Andy Sun
Browse files

msm: ais: Fix kernel overwrite GET_BUF_BY_IDX ioctl 



Assign address of buf_info into ioctl_ptr.
Previously we were copying first 8 bytes of buf_info (content)
into ioctl_ptr. Which is dereferenced and written later causing
kernel overwrite vulnerability.

CRs-fixed: 2013631
Change-Id: Ia27dafe003c2c4d7a59dc2976bee2cfc15978403
Signed-off-by: default avatarTerence Ho <terenceh@codeaurora.org>
Signed-off-by: default avatarAndy Sun <bins@codeaurora.org>
parent 96e3d4de
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment