WSL2-Linux-Kernel/drivers/s390
Martin Schwidefsky 532c34b5fb s390/sclp_ctl: fix potential information leak with /dev/sclp
The sclp_ctl_ioctl_sccb function uses two copy_from_user calls to
retrieve the sclp request from user space. The first copy_from_user
fetches the length of the request which is stored in the first two
bytes of the request. The second copy_from_user gets the complete
sclp request, but this copies the length field a second time.
A malicious user may have changed the length in the meantime.

Reported-by: Pengfei Wang <wpengfeinudt@gmail.com>
Reviewed-by: Michael Holzheu <holzheu@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2016-04-27 09:33:39 +02:00
..
block s390/dcssblk: fix possible deadlock in remove vs. per-device attributes 2016-04-15 18:01:44 +02:00
char s390/sclp_ctl: fix potential information leak with /dev/sclp 2016-04-27 09:33:39 +02:00
cio s390: Use pr_warn instead of pr_warning 2016-03-07 13:12:04 +01:00
crypto s390/zcrypt: Fix cryptographic device id in kernel messages 2016-01-26 12:46:58 +01:00
net s390: Use pr_warn instead of pr_warning 2016-03-07 13:12:04 +01:00
scsi Merge branch 'locking-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2015-09-03 15:46:07 -07:00
virtio virtio/s390: size of SET_IND payload 2016-03-02 18:08:59 +02:00
Makefile