android_kernel_google_msm/net
Mathias Krause 555144b63d xfrm_user: return error pointer instead of NULL
[ Upstream commit 864745d291 ]

When dump_one_state() returns an error, e.g. because of a too small
buffer to dump the whole xfrm state, xfrm_state_netlink() returns NULL
instead of an error pointer. But its callers expect an error pointer
and therefore continue to operate on a NULL skbuff.

This could lead to a privilege escalation (execution of user code in
kernel context) if the attacker has CAP_NET_ADMIN and is able to map
address 0.

Signed-off-by: Mathias Krause <minipli@googlemail.com>
Acked-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-10-13 05:38:40 +09:00
9p 9p: BUG before corrupting memory 2012-06-22 11:37:15 -07:00
802
8021q net: Fix memory leak - vlan_info struct 2012-08-09 08:31:41 -07:00
appletalk
atm atm: fix info leak via getsockname() 2012-10-02 10:29:36 -07:00
ax25
batman-adv batman-adv: only drop packets of known wifi clients 2012-07-16 09:04:11 -07:00
bluetooth Bluetooth: Fix sending a HCI Authorization Request over LE links 2012-10-02 10:30:34 -07:00
bridge bridge: Assign rtnl_link_ops to bridge devices created via ioctl (v2) 2012-07-16 09:03:49 -07:00
caif caif: Fix access to freed pernet memory 2012-08-09 08:31:42 -07:00
can net: remove skb_orphan_try() 2012-07-16 09:03:48 -07:00
ceph
core net: Statically initialize init_net.dev_base_head 2012-10-02 10:30:35 -07:00
dcb
dccp dccp: fix info leak via getsockopt(DCCP_SOCKOPT_CCID_TX_INFO) 2012-10-02 10:29:37 -07:00
decnet
dns_resolver
dsa
econet
ethernet
ieee802154
ipv4 net: ipv4: ipmr_expire_timer causes crash when removing net namespace 2012-10-02 10:29:50 -07:00
ipv6 ipv6: addrconf: Avoid calling netdevice notifiers with RCU read-side lock 2012-10-02 10:29:35 -07:00
ipx
irda
iucv net: remove skb_orphan_try() 2012-07-16 09:03:48 -07:00
key
l2tp l2tp: avoid to use synchronize_rcu in tunnel free function 2012-10-02 10:29:42 -07:00
lapb
llc llc: fix info leak via getsockname() 2012-10-02 10:29:37 -07:00
mac80211 mac80211: clear bssid on auth/assoc failure 2012-10-02 10:30:07 -07:00
netfilter ipvs: fix info leak in getsockopt(IP_VS_SO_GET_TIMEOUT) 2012-10-02 10:29:37 -07:00
netlabel
netlink netlink: fix possible spoofing from non-root processes 2012-10-02 10:29:38 -07:00
netrom
nfc NFC: Prevent multiple buffer overflows in NCI 2012-07-16 09:03:50 -07:00
openvswitch openvswitch: Reset upper layer protocol info on internal devices. 2012-10-02 10:29:50 -07:00
packet af_packet: don't emit packet on orig fanout group 2012-10-02 10:29:37 -07:00
phonet
rds rds: set correct msg_namelen 2012-10-02 10:30:35 -07:00
rfkill
rose
rxrpc
sched net_sched: gact: Fix potential panic in tcf_gact(). 2012-10-02 10:29:34 -07:00
sctp sctp: Fix list corruption resulting from freeing an association on a list 2012-08-09 08:31:42 -07:00
sunrpc svcrpc: sends on closed socket should stop immediately 2012-09-14 10:00:19 -07:00
tipc
unix af_netlink: force credentials passing [CVE-2012-3520] 2012-10-02 10:29:37 -07:00
wanrouter wanmain: comparing array with NULL 2012-08-09 08:31:51 -07:00
wimax
wireless cfg80211: fix possible circular lock on reg_regdb_search() 2012-10-02 10:30:09 -07:00
x25
xfrm xfrm_user: return error pointer instead of NULL 2012-10-13 05:38:40 +09:00
compat.c net: Fix references to out-of-scope variables in put_cmsg_compat() 2012-08-09 08:31:42 -07:00
Kconfig
Makefile
nonet.c
socket.c net: fix info leak in compat dev_ifconf() 2012-10-02 10:29:37 -07:00
sysctl_net.c