Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
staging: vt6655: integer overflows in private_ioctl()
There are two potential integer overflows in private_ioctl() if userspace passes in a large sList.uItem / sNodeList.uItem. The subsequent call to kmalloc() would allocate a small buffer, leading to a memory corruption. Reported-by: Dan Rosenberg <[email protected]> Signed-off-by: Xi Wang <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
- Loading branch information