iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/drivers
History
Dan Rosenberg a1f74ae82d [SCSI] mpt2sas: prevent heap overflows and unchecked reads 
At two points in handling device ioctls via /dev/mpt2ctl, user-supplied
length values are used to copy data from userspace into heap buffers
without bounds checking, allowing controllable heap corruption and
subsequently privilege escalation.

Additionally, user-supplied values are used to determine the size of a
copy_to_user() as well as the offset into the buffer to be read, with no
bounds checking, allowing users to read arbitrary kernel memory.

Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
Cc: stable@kernel.org
Acked-by: Eric Moore <eric.moore@lsi.com>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-04-24 11:01:59 -05:00
..
accessibility
acpi
Fix common misspellings
2011-03-31 11:26:23 -03:00
amba
PM / Hibernate: Introduce CONFIG_HIBERNATE_CALLBACKS
2011-04-11 22:54:42 +02:00
ata
Fix common misspellings
2011-03-31 11:26:23 -03:00
atm
Merge branch 'for-linus2' of git://git.profusion.mobi/users/lucas/linux-2.6
2011-04-07 11:14:49 -07:00
auxdisplay
Fix common misspellings
2011-03-31 11:26:23 -03:00
base
PM: Add missing syscore_suspend() and syscore_resume() calls
2011-04-20 00:36:11 +02:00
block
Fix common misspellings
2011-03-31 11:26:23 -03:00
bluetooth
Merge branch 'for-linus2' of git://git.profusion.mobi/users/lucas/linux-2.6
2011-04-07 11:14:49 -07:00
cdrom
Fix common misspellings
2011-03-31 11:26:23 -03:00
char
Merge git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux-2.6-for-linus
2011-04-21 09:58:42 -07:00
clk
clocksource
connector
connector: fix skb double free in cn_rx_skb()
2011-04-12 14:38:57 -07:00
cpufreq
Fix common misspellings
2011-03-31 11:26:23 -03:00
cpuidle
crypto
Fix common misspellings
2011-03-31 11:26:23 -03:00
dca
drivers/dca/dca-core.c: use list_move() instead of list_del()/list_add() combination
2011-03-22 17:44:12 -07:00
dio
dma
Merge branch 'spi/merge' of git://git.secretlab.ca/git/linux-2.6
2011-04-11 15:44:38 -07:00
edac
Merge branch 'for-linus2' of git://git.profusion.mobi/users/lucas/linux-2.6
2011-04-07 11:14:49 -07:00
eisa
firewire
Fix common misspellings
2011-03-31 11:26:23 -03:00
firmware
sigma-firmware: loader for Analog Devices' SigmaStudio
2011-03-22 17:44:15 -07:00
gpio
Merge branch 'spi/merge' of git://git.secretlab.ca/git/linux-2.6
2011-04-11 15:44:38 -07:00
gpu
Merge branch 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6
2011-04-21 09:57:56 -07:00
hid
Merge branch 'for-linus2' of git://git.profusion.mobi/users/lucas/linux-2.6
2011-04-07 11:14:49 -07:00
hwmon
hwmon: (pmbus) Removed unused variable from struct pmbus_data
2011-04-19 08:49:56 -07:00
hwspinlock
hwspinlock: depend on OMAP4
2011-03-18 17:15:11 -07:00
i2c
i2c-algo-bit: Call pre/post_xfer for bit_test
2011-04-17 10:20:19 +02:00
ide
ide: unexport DISK_EVENT_MEDIA_CHANGE for ide-gd and ide-cd
2011-04-21 19:43:59 +02:00
idle
ieee802154
ieee802154: change to new flag variable
2011-03-17 14:05:34 +01:00
infiniband
Fix common misspellings
2011-03-31 11:26:23 -03:00
input
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
2011-04-18 13:29:03 -07:00
isdn
Fix common misspellings
2011-03-31 11:26:23 -03:00
leds
leds/leds-regulator.c: fix handling of already enabled regulators
2011-04-14 16:06:54 -07:00
lguest
Fix common misspellings
2011-03-31 11:26:23 -03:00
macintosh
Merge branch 'for-linus2' of git://git.profusion.mobi/users/lucas/linux-2.6
2011-04-07 11:14:49 -07:00
mca
md
raid5: fix build error, sector_t usage
2011-04-21 10:00:00 -07:00
media
Revert "[media] V4L: videobuf, don't use dma addr as physical"
2011-04-19 10:54:44 -07:00
memstick
Fix common misspellings
2011-03-31 11:26:23 -03:00
message
Fix common misspellings
2011-03-31 11:26:23 -03:00
mfd
mfd: Fetch cell pointer from platform_device->mfd_cell
2011-04-12 11:13:00 +02:00
misc
drivers/misc/sgi-gru/grufile.c: fix the wrong members of gru_chip
2011-04-14 16:06:55 -07:00
mmc
Fix common misspellings
2011-03-31 11:26:23 -03:00
mtd
Merge git://git.infradead.org/mtd-2.6
2011-04-09 13:23:50 -07:00
net
ip6_pol_route panic: Do not allow VLAN on loopback
2011-04-17 23:27:16 -07:00
nfc
nubus
of
Fix common misspellings
2011-03-31 11:26:23 -03:00
oprofile
parisc
Fix common misspellings
2011-03-31 11:26:23 -03:00
parport
parport_pc.c: correctly release the requested region for the IT887x
2011-04-19 16:36:24 -07:00
pci
Merge git://git.infradead.org/iommu-2.6
2011-04-21 09:56:35 -07:00
pcmcia
ARM: pxa: convert incorrect IRQ_TO_IRQ() to irq_to_gpio()
2011-04-13 09:30:40 +08:00
platform
Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mjg59/platform-drivers-x86
2011-04-13 09:15:55 -07:00
pnp
Fix common misspellings
2011-03-31 11:26:23 -03:00
power
drivers: Final irq namespace conversion
2011-03-29 14:48:19 +02:00
pps
Fix common misspellings
2011-03-31 11:26:23 -03:00
ps3
Fix common misspellings
2011-03-31 11:26:23 -03:00
rapidio
RapidIO/mpc85xx: fix possible mport registration problems
2011-04-14 16:06:56 -07:00
regulator
Fix common misspellings
2011-03-31 11:26:23 -03:00
rtc
RTC: rtc-omap: Fix a leak of the IRQ during init failure
2011-04-18 10:39:38 +02:00
s390
Merge branch 'for-linus' of git://git390.marist.edu/pub/scm/linux-2.6
2011-04-08 07:36:14 -07:00
sbus
Fix common misspellings
2011-03-31 11:26:23 -03:00
scsi
[SCSI] mpt2sas: prevent heap overflows and unchecked reads
2011-04-24 11:01:59 -05:00
sfi
Fix common misspellings
2011-03-31 11:26:23 -03:00
sh
sh: Fix irq cleanup fallout
2011-03-30 00:15:49 +02:00
sn
spi
Merge branch 'spi/merge' of git://git.secretlab.ca/git/linux-2.6
2011-04-11 15:44:38 -07:00
ssb
Fix common misspellings
2011-03-31 11:26:23 -03:00
staging
Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mjg59/platform-drivers-x86
2011-04-12 15:24:23 -07:00
target
Fix common misspellings
2011-03-31 11:26:23 -03:00
tc
telephony
Fix common misspellings
2011-03-31 11:26:23 -03:00
thermal
tty
tty/n_gsm: fix bug in CRC calculation for gsm1 mode
2011-04-19 16:38:50 -07:00
uio
Fix common misspellings
2011-03-31 11:26:23 -03:00
usb
Revert "USB: isp1760-hcd: move imask clear after pending work is done"
2011-04-14 13:37:07 -07:00
uwb
Fix common misspellings
2011-03-31 11:26:23 -03:00
vhost
vhost-net: remove unlocked use of receive_queue
2011-03-13 23:08:19 +02:00
video
ARM: pxafb: Fix access to nonexistent member of pxafb_info
2011-04-12 23:07:42 +08:00
virtio
virtio_pci: Prevent double-free of pci regions after device hot-unplug
2011-04-21 22:57:00 +09:30
vlynq
vlynq: Convert irq functions
2011-03-28 19:33:04 +02:00
w1
Fix common misspellings
2011-03-31 11:26:23 -03:00
watchdog
watchdog: mpc8xxx_wdt: fix build
2011-04-07 20:20:24 +00:00
xen
PM: Add missing syscore_suspend() and syscore_resume() calls
2011-04-20 00:36:11 +02:00
zorro
Kconfig
Makefile