Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 20132043 authored by Xi Wang's avatar Xi Wang Committed by Greg Kroah-Hartman
Browse files

staging: vt6656: integer overflows in private_ioctl() 



There are two potential integer overflows in private_ioctl() if
userspace passes in a large sList.uItem / sNodeList.uItem.  The
subsequent call to kmalloc() would allocate a small buffer, leading
to a memory corruption.

Reported-by: default avatarDan Rosenberg <drosenberg@vsecurity.com>
Signed-off-by: default avatarXi Wang <xi.wang@gmail.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
parent 2a58b19f
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment