mirror of
https://github.com/FEX-Emu/linux.git
synced 2024-12-24 10:28:57 +00:00
f1e255d60a
In general, accessing userspace memory beyond the length of the supplied
buffer in VFS read/write handlers can lead to both kernel memory corruption
(via kernel_read()/kernel_write(), which can e.g. be triggered via
sys_splice()) and privilege escalation inside userspace.
Fix it by using simple_read_from_buffer() instead of custom logic.
Fixes:
|
||
---|---|---|
.. | ||
sisusbvga | ||
adutux.c | ||
appledisplay.c | ||
chaoskey.c | ||
cypress_cy7c63.c | ||
cytherm.c | ||
ehset.c | ||
emi26.c | ||
emi62.c | ||
ezusb.c | ||
ftdi-elan.c | ||
idmouse.c | ||
iowarrior.c | ||
isight_firmware.c | ||
Kconfig | ||
ldusb.c | ||
legousbtower.c | ||
lvstest.c | ||
Makefile | ||
rio500_usb.h | ||
rio500.c | ||
trancevibrator.c | ||
usb251xb.c | ||
usb3503.c | ||
usb4604.c | ||
usb_u132.h | ||
usblcd.c | ||
usbsevseg.c | ||
usbtest.c | ||
uss720.c | ||
yurex.c |