Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d4b67761 authored by Terence Ho's avatar Terence Ho
Browse files

msm: ais: Fix kernel overwrite GET_BUF_BY_IDX ioctl 



Assign address of buf_info into ioctl_ptr.
Previously we were copying first 8 bytes of buf_info (content)
into ioctl_ptr. Which is dereferenced and written later causing
kernel overwrite vulnerability.

CRs-fixed: 2013631
Change-Id: Ia27dafe003c2c4d7a59dc2976bee2cfc15978403
Signed-off-by: default avatarTerence Ho <terenceh@codeaurora.org>
parent e539a094
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment