Google Git
Sign in
android / kernel / msm / refs/tags/android-wear-6.0.1_r0.67
tagc4f7910cc92cb3ed16ee2401c5b5b1ebb21bcaa4
taggerThe Android Open Source Project <initial-contribution@android.com>Mon Sep 12 10:05:53 2016 -0700
object97857c67136d5f2148365c51f9f6678586c92443 
Android Wear 6.0.1 Release 0.67
commit97857c67136d5f2148365c51f9f6678586c92443[log] [tgz]
authorsanghyun.eom <sanghyun.eom@samsung.com>Thu Aug 04 17:16:43 2016 +0900
committerSanghyun Eom <sanghyun.eom@samsung.com>Mon Aug 08 05:32:06 2016 +0000
tree05e315e2ca6e775a401a6479b0468928b748c4d0
parentd550156beffdf4134760b689c291a56986993042 [diff]
sched: Fix information leak in sys_sched_getattr()

CVE-2014-9903

We're copying the on-stack structure to userspace, but forgot to give
the right number of bytes to copy. This allows the calling process to
obtain up to PAGE_SIZE bytes from the stack (and possibly adjacent
kernel memory).

This fix copies only as much as we actually have on the stack
(attr->size defaults to the size of the struct) and leaves the rest of
the userspace-provided buffer untouched.

Found using kmemcheck + trinity.

Signed-off-by: sanghyun.eom <sanghyun.eom@samsung.com>
1 file changed
tree: 05e315e2ca6e775a401a6479b0468928b748c4d0
  1. android/
  2. arch/
  3. block/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .gitignore
  24. .mailmap
  25. AndroidKernel.mk
  26. build.config
  27. COPYING
  28. CREDITS
  29. Kbuild
  30. Kconfig
  31. MAINTAINERS
  32. Makefile
  33. README
  34. REPORTING-BUGS