Gitiles
Code Review Sign In
review.shift-gmbh.com / SHIFTPHONES / kernel / common / e4f3aa2e1e67bb48dfbaaf1cad59013d5a5bc276
commite4f3aa2e1e67bb48dfbaaf1cad59013d5a5bc276[log] [tgz]
authorYoung_X <YangX92@hotmail.com>Wed Oct 03 12:54:29 2018 +0000
committerJens Axboe <axboe@kernel.dk>Wed Oct 03 10:20:40 2018 -0600
treefe85b2c9966c3d9ec4721a2a73d308f7444d7db8
parentfb6360b1ef33b7799e6a81e1075a47e3b8ae01fd [diff]
cdrom: fix improper type cast, which can leat to information leak.

There is another cast from unsigned long to int which causes
a bounds check to fail with specially crafted input. The value is
then used as an index in the slot array in cdrom_slot_status().

This issue is similar to CVE-2018-16658 and CVE-2018-10940.

Signed-off-by: Young_X <YangX92@hotmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
1 file changed
tree: fe85b2c9966c3d9ec4721a2a73d308f7444d7db8
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. LICENSES/
  15. mm/
  16. net/
  17. samples/
  18. scripts/
  19. security/
  20. sound/
  21. tools/
  22. usr/
  23. virt/
  24. .clang-format
  25. .cocciconfig
  26. .get_maintainer.ignore
  27. .gitattributes
  28. .gitignore
  29. .mailmap
  30. COPYING
  31. CREDITS
  32. Kbuild
  33. Kconfig
  34. MAINTAINERS
  35. Makefile
  36. README