Piteball
/
android_kernel_samsung_msm8976
mirror of https://github.com/team-infusion-developers/android_kernel_samsung_msm8976.git
1
1
Fork 0
Code Issues Projects Releases Wiki Activity
android_kernel_samsung_msm8976/net
History
Kaustubh Pandey a607d76b50 net: core: null pointer derefernce in sockev_client_cb 
sockev_client_cb creates a netlink message and populates
the nlmsg_data using the socket->sock information.
If socket is closed, while the nlmsg_data is being
populated, a null pointer dereference occurs.

BUG: KASAN: null-ptr-deref in sockev_client_cb+0x1e4/0x310
Read of size 2 at addr 0000000000000010 by task syz-executor/9398
CPU: 6 PID: 9398 Comm: syz-executor Tainted: G W O 4.9.92+ #1

Call trace:
[<ffffff94e2bebec4>] sockev_client_cb+0x1e4/0x310
[<ffffff94e14fb20c>] notifier_call_chain+0x94/0xe0
[<ffffff94e14fb894>] __blocking_notifier_call_chain+0x6c/0xb8
[<ffffff94e14fb920>] blocking_notifier_call_chain+0x40/0x50
[<ffffff94e2b727f8>] sockev_notify net/socket.c:180 [inline]
[<ffffff94e2b727f8>] SYSC_listen net/socket.c:1446 [inline]
[<ffffff94e2b727f8>] SyS_listen+0x1e0/0x1f8
[<ffffff94e1483f70>] el0_svc_naked+0x24/0x28

CR's Fixed: 2251042
Change-Id: Iad9eb58cd05fcdc0b5cc1ed24de56b69abb532b4
Signed-off-by: Sharath Chandra Vurukala <sharathv@codeaurora.org>
Signed-off-by: Tejaswi Tanikella <tejaswit@codeaurora.org>
Signed-off-by: Kaustubh Pandey <kapandey@codeaurora.org>
Acked-by: Chinmay Agarwal <chinagar@qti.qualcomm.com>
 		2020-10-11 20:40:04 +02:00
..
9p
802
8021q
appletalk net: add build-time checks for msg->msg_name size 2019-08-16 03:55:59 +02:00
atm
ax25 net: add build-time checks for msg->msg_name size 2019-08-16 03:55:59 +02:00
batman-adv
bluetooth Bluetooth: Check state in l2cap_disconnect_rsp 2019-08-05 03:10:33 +02:00
bridge net: bridge: multicast: use rcu to access port list from br_multicast_start_querier 2019-08-15 21:02:28 +02:00
caif
can net: add build-time checks for msg->msg_name size 2019-08-16 03:55:59 +02:00
ceph
core net: core: null pointer derefernce in sockev_client_cb 2020-10-11 20:40:04 +02:00
dcb
dccp net/dccp: fix use after free in tw_timer_handler() 2019-07-27 22:08:37 +02:00
decnet net: add build-time checks for msg->msg_name size 2019-08-16 03:55:59 +02:00
dns_resolver dns_resolver: Do not accept domain names longer than 255 chars 2019-07-27 22:07:53 +02:00
dsa
ethernet
ieee802154 net: add build-time checks for msg->msg_name size 2019-08-16 03:55:59 +02:00
ipc_router net: ipc_router: Do not allow change of default security rule 2020-06-06 20:31:07 +02:00
ipv4 igmp: fix memory leak in igmpv3_del_delrec() 2019-10-27 19:33:52 +01:00
ipv6 igmp, mld: Fix memory leak in igmpv3/mld_del_delrec() 2019-10-27 19:33:52 +01:00
ipx net: add build-time checks for msg->msg_name size 2019-08-16 03:55:59 +02:00
irda net: add build-time checks for msg->msg_name size 2019-08-16 03:55:59 +02:00
iucv
key af_key: fix leaks in key_pol_get_resp and dump_sp. 2019-10-27 19:33:52 +01:00
l2tp net: add build-time checks for msg->msg_name size 2019-08-16 03:55:59 +02:00
lapb
llc net: add build-time checks for msg->msg_name size 2019-08-16 03:55:59 +02:00
mac80211 mac80211: use constant time comparison with keys 2019-07-27 21:45:47 +02:00
mac802154
netfilter ANDROID: fix a bug in quota2 2020-08-24 20:37:32 +02:00
netlabel netlabel: check for IPV4MASK in addrinfo_get 2019-09-28 20:28:33 +02:00
netlink net: add build-time checks for msg->msg_name size 2019-08-16 03:55:59 +02:00
netrom net: add build-time checks for msg->msg_name size 2019-08-16 03:55:59 +02:00
nfc net: add build-time checks for msg->msg_name size 2019-08-16 03:55:59 +02:00
openvswitch
packet net: add build-time checks for msg->msg_name size 2019-08-16 03:55:59 +02:00
phonet net: add build-time checks for msg->msg_name size 2019-08-16 03:55:59 +02:00
rds net: add build-time checks for msg->msg_name size 2019-08-16 03:55:59 +02:00
rfkill net: rfkill: move poll work to power efficient workqueue 2019-07-27 22:11:06 +02:00
rmnet_data net: rmnet_data: Change the log level for unknown IOCTL's 2019-07-27 21:51:01 +02:00
rose net: add build-time checks for msg->msg_name size 2019-08-16 03:55:59 +02:00
rxrpc net: add build-time checks for msg->msg_name size 2019-08-16 03:55:59 +02:00
sched net: Prevent invalid access to skb->prev in __qdisc_drop_all 2019-07-27 21:53:24 +02:00
sctp sctp: fix a type cast warnings that causes a_rwnd gets the wrong value 2019-07-27 21:45:39 +02:00
sunrpc kernel: make groups_sort calling a responsibility group_info allocators 2019-07-27 21:46:18 +02:00
tipc net: add build-time checks for msg->msg_name size 2019-08-16 03:55:59 +02:00
unix net: add build-time checks for msg->msg_name size 2019-08-16 03:55:59 +02:00
vmw_vsock net: add build-time checks for msg->msg_name size 2019-08-16 03:55:59 +02:00
wimax
wireless msm: wlan: Modify JP regulatory rules 2020-03-20 22:08:35 +01:00
x25 net: add build-time checks for msg->msg_name size 2019-08-16 03:55:59 +02:00
xfrm xfrm: validate template mode 2019-09-28 20:28:33 +02:00
Kconfig
Makefile
activity_stats.c
compat.c net: support compat 64-bit time in {s,g}etsockopt 2019-07-27 21:49:09 +02:00
nonet.c
socket.c kernel-wide: fix missing validations on __get/__put/__copy_to/__copy_from_user() 2019-07-27 22:10:26 +02:00
sysctl_net.c