git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/commit

author	Young Xiao <YangX92@hotmail.com>
	Fri, 7 Jun 2019 22:16:49 +0000 (15:16 -0700)
committer	Kleber Sacilotto de Souza <kleber.souza@canonical.com>
	Mon, 24 Jun 2019 14:21:33 +0000 (16:21 +0200)
commit	4aa04124368986488ce018e11bcfde36f9352135
tree	4480690477f03c510a078db9bfea94da964181ab	tree
parent	55c2400b3e6a12f134ea6f8204c66e9f8ee8d158	commit \| diff

Bluetooth: hidp: fix buffer overflow

CVE-2019-11884

Struct ca is copied from userspace. It is not checked whether the "name"
field is NULL terminated, which allows local users to obtain potentially
sensitive information from kernel stack memory, via a HIDPCONNADD command.

This vulnerability is similar to CVE-2011-1079.

Signed-off-by: Young Xiao <YangX92@hotmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Cc: stable@vger.kernel.org
(cherry picked from commit a1616a5ac99ede5d605047a9012481ce7ff18b16)
Signed-off-by: Connor Kuehl <connor.kuehl@canonical.com>
Acked-by: Kamal Mostafa <kamal@canonical.com>
Acked-by: Colin Ian King <colin.king@canonical.com>
Acked-by: Po-Hsu Lin <po-hsu.lin@canonical.com>
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>