Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 7f54bf16 authored by Suren Baghdasaryan's avatar Suren Baghdasaryan Committed by Amit Pundir
Browse files

ANDROID: NFC: st21nfca: Fix out of bounds kernel access when handling ATR_REQ 



Out of bounds kernel accesses in st21nfca's NFC HCI layer
might happen when handling ATR_REQ events if user-specified
atr_req->length is bigger than the buffer size. In
that case memcpy() inside st21nfca_tm_send_atr_res() will
read extra bytes resulting in OOB read from the kernel heap.

Bug: 62679012

Signed-off-by: default avatarSuren Baghdasaryan <surenb@google.com>
parent 6ad24e50
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment