FEX-Emu/linux
1
0
Fork 0
mirror of https://github.com/FEX-Emu/linux.git synced 2025-02-15 09:11:33 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
linux/drivers
History
Marcel Holtmann 059819a41d [PATCH] Fix buffer overflow in Omnikey CardMan 4040 driver (CVE-2007-0005) 
Based on a patch from Don Howard <dhoward@redhat.com>

When calling write() with a buffer larger than 512 bytes, the
driver's write buffer overflows, allowing to overwrite the EIP and
execute arbitrary code with kernel privileges.

In read(), there exists a similar problem, but coming from the device.
A malicous or buggy device sending more than 512 bytes can overflow
of the driver's read buffer, with the same effects as above.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Harald Welte <laforge@gnumonks.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-03-06 18:01:04 -08:00
..
acorn
[ARM] Acorn: move the i2c bus driver into drivers/i2c
2007-03-04 20:40:50 +00:00
acpi
[PATCH] ACPI: make bay depend on dock
2007-03-01 14:53:38 -08:00
amba
ata
[libata] pata_jmicron: build fix
2007-03-03 10:36:19 -05:00
atm
atm: Use ARRAY_SIZE macro when appropriate
2007-02-17 15:30:48 -05:00
auxdisplay
[PATCH] cfag12864b: fix crash when built-in and no parport present
2007-02-20 17:10:14 -08:00
base
Driver core: fix error by cleanup up symlinks properly
2007-02-23 14:52:09 -08:00
block
[PATCH] initramfs should not depend on CONFIG_BLOCK
2007-03-06 09:30:25 -08:00
bluetooth
[Bluetooth] Make use of MODULE_FIRMWARE
2007-02-26 11:42:42 -08:00
cdrom
[PATCH] Fix soft lockup with iSeries viocd driver
2007-03-05 07:57:51 -08:00
char
[PATCH] Fix buffer overflow in Omnikey CardMan 4040 driver (CVE-2007-0005)
2007-03-06 18:01:04 -08:00
clocksource
[PATCH] clocksource init adjustments (fix bug #7426)
2007-03-05 07:57:53 -08:00
connector
cpufreq
Revert "[CPUFREQ] constify cpufreq_driver where possible."
2007-02-26 14:55:48 -08:00
crypto
[PATCH] geode-aes: use unsigned long for spin_lock_irqsave
2007-03-06 09:30:25 -08:00
dio
dma
edac
[PATCH] EDAC: Add Fully-Buffered DIMM APIs to core
2007-02-12 09:48:32 -08:00
eisa
fc4
[PATCH] remove many unneeded #includes of sched.h
2007-02-14 08:09:54 -08:00
firmware
[PATCH] docbook: add edd firmware interfaces
2007-02-11 10:51:32 -08:00
hid
HID: fix Logitech DiNovo Edge touchwheel and Logic3 /SpectraVideo middle button
2007-03-01 09:54:44 +01:00
hwmon
hwmon/vt1211: Add probing of alternate config index port
2007-02-14 21:15:05 +01:00
i2c
[ARM] Acorn: move the i2c bus driver into drivers/i2c
2007-03-04 20:40:50 +00:00
ide
ide: make legacy IDE VLB modules check for the "probe" kernel params (v2)
2007-03-03 17:48:55 +01:00
ieee1394
Merge git://git.kernel.org/pub/scm/linux/kernel/git/bunk/trivial
2007-02-19 13:29:02 -08:00
infiniband
IPoIB: Correct debugging output when path record lookup fails
2007-02-26 12:57:08 -08:00
input
[PATCH] gpio_keys driver shouldn't be ARM-specific
2007-03-05 07:57:51 -08:00
isdn
[PATCH] Fix buffer overflow and races in capi debug functions
2007-03-01 14:53:39 -08:00
kvm
KVM: Move kvmfs magic number to <linux/magic.h>
2007-03-04 11:12:43 +02:00
leds
leds: Add support for Cobalt Server front LED
2007-02-15 21:37:29 +00:00
macintosh
backlight: Separate backlight properties from backlight ops pointers
2007-02-20 09:26:53 +00:00
mca
md
[PATCH] md: fix for raid6 reshape
2007-03-05 07:57:53 -08:00
media
V4L/DVB (5260): Cx88-blackbird: allow usage of both 376836 and 262144 sized firmware images
2007-03-03 10:14:36 -02:00
message
[PATCH] remove many unneeded #includes of sched.h
2007-02-14 08:09:54 -08:00
mfd
[PATCH] drivers/mfd/sm501.c: Replace pci_module_init with pci_register_driver
2007-02-26 12:35:47 -08:00
misc
backlight: Separate backlight properties from backlight ops pointers
2007-02-20 09:26:53 +00:00
mmc
sdhci: release irq during suspend
2007-03-06 13:38:49 +01:00
mtd
[ARM] 4233/1: nand/s3c2410.c: warning fix
2007-02-25 16:41:41 +00:00
net
sis900 warning fixes
2007-03-06 06:14:54 -05:00
nubus
oprofile
[PATCH] mark struct file_operations const 5
2007-02-12 09:48:45 -08:00
parisc
Merge master.kernel.org:/pub/scm/linux/kernel/git/kyle/parisc-2.6
2007-02-26 12:48:06 -08:00
parport
[PATCH] parport_pc: fix parport_pc_probe_port section warning
2007-02-20 17:10:16 -08:00
pci
[PATCH] msi: support masking msi irqs without a mask bit
2007-03-05 07:57:50 -08:00
pcmcia
Driver core: more fallout from class_device changes for pcmcia
2007-02-23 14:52:09 -08:00
pnp
Pull misc-for-upstream into release branch
2007-02-16 18:52:41 -05:00
ps3
[POWERPC] PS3: System manager support
2007-02-16 14:00:19 +11:00
rapidio
[PATCH] remove many unneeded #includes of sched.h
2007-02-14 08:09:54 -08:00
rtc
[ARM] rtc-pcf8583: Final fixes for this RTC on RiscPC
2007-03-04 20:33:07 +00:00
s390
[VLAN]: Avoid a 4-order allocation.
2007-03-02 20:44:51 -08:00
sbus
[SPARC] uctrl: Check request_irq() return value.
2007-02-26 11:35:51 -08:00
scsi
[ARM] ARM SCSI: Don't try to dma_map_sg too many scatterlist entries
2007-03-04 20:33:31 +00:00
serial
[PATCH] dz: remove struct pt_regs references
2007-03-05 07:57:51 -08:00
sh
sn
[PATCH] IOC3/IOC4: PCI mem space resources
2007-02-11 10:51:25 -08:00
spi
[PATCH] spi_s3c2410_gpio.c spi mode 2 and 3 support
2007-02-20 17:10:16 -08:00
tc
[PATCH] remove many unneeded #includes of sched.h
2007-02-14 08:09:54 -08:00
telephony
[PATCH] remove many unneeded #includes of sched.h
2007-02-14 08:09:54 -08:00
usb
Merge branch 'for-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jikos/hid
2007-03-06 17:34:28 -08:00
video
[PATCH] fbdev: fix kconfig error if FB_DDC=n
2007-03-06 09:30:24 -08:00
w1
[PATCH] w1: Use ARRAY_SIZE macro when appropriate
2007-02-12 09:48:28 -08:00
zorro
[PATCH] mark struct file_operations const 6
2007-02-12 09:48:45 -08:00
Kconfig
[PATCH] drivers: add LCD support
2007-02-11 10:51:24 -08:00
Makefile
[PATCH] drivers: add LCD support
2007-02-11 10:51:24 -08:00