1. 16 7月, 2016 3 次提交
    • J
      xfs: fix type confusion in xfs_ioc_swapext · 3e0a3965
      Jann Horn 提交于
      Without this check, the following XFS_I invocations would return bad
      pointers when used on non-XFS inodes (perhaps pointers into preceding
      allocator chunks).
      
      This could be used by an attacker to trick xfs_swap_extents into
      performing locking operations on attacker-chosen structures in kernel
      memory, potentially leading to code execution in the kernel.  (I have
      not investigated how likely this is to be usable for an attack in
      practice.)
      Signed-off-by: NJann Horn <jann@thejh.net>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Cc: Dave Chinner <david@fromorbit.com>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      3e0a3965
    • J
      media: fix airspy usb probe error path · aa93d1fe
      James Patrick-Evans 提交于
      Fix a memory leak on probe error of the airspy usb device driver.
      
      The problem is triggered when more than 64 usb devices register with
      v4l2 of type VFL_TYPE_SDR or VFL_TYPE_SUBDEV.
      
      The memory leak is caused by the probe function of the airspy driver
      mishandeling errors and not freeing the corresponding control structures
      when an error occours registering the device to v4l2 core.
      
      A badusb device can emulate 64 of these devices, and then through
      continual emulated connect/disconnect of the 65th device, cause the
      kernel to run out of RAM and crash the kernel, thus causing a local DOS
      vulnerability.
      
      Fixes CVE-2016-5400
      Signed-off-by: NJames Patrick-Evans <james@jmp-e.com>
      Reviewed-by: NKees Cook <keescook@chromium.org>
      Cc: stable@vger.kernel.org # 3.17+
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      aa93d1fe
    • T
      EDAC, sb_edac: Fix Knights Landing · 0ba169ac
      Tony Luck 提交于
      In commit 2c1ea4c7 ("EDAC, sb_edac: Use cpu family/model in driver
      detection") I broke Knights Landing because I failed to notice that it
      called a wrapper macro "sbridge_get_all_devices_knl" instead of
      "sbridge_get_all_devices" like all the other types.
      
      Now that we include the processor type in the pci_id_table structure we
      can skip the wrappers and just have the sbridge_get_all_devices() check
      the type to decide whether to allow duplicate devices and controllers to
      have registers spread across buses.
      
      Fixes: 2c1ea4c7 ("EDAC, sb_edac: Use cpu family/model in driver detection")
      Tested-by: NLukasz Odzioba <lukasz.odzioba@intel.com>
      Acked-by: NAristeu Rozanski <aris@redhat.com>
      Signed-off-by: NTony Luck <tony.luck@intel.com>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      0ba169ac
  2. 15 7月, 2016 31 次提交
  3. 14 7月, 2016 5 次提交
  4. 13 7月, 2016 1 次提交