android_kernel_samsung_msm8976/net/core
Kaustubh Pandey a607d76b50 net: core: null pointer dereference in sockev_client_cb
sockev_client_cb creates a netlink message and populates
the nlmsg_data using the socket->sock information.
If socket is closed, while the nlmsg_data is being
populated, a null pointer dereference occurs.

BUG: KASAN: null-ptr-deref in sockev_client_cb+0x1e4/0x310
Read of size 2 at addr 0000000000000010 by task syz-executor/9398
CPU: 6 PID: 9398 Comm: syz-executor Tainted: G W O 4.9.92+ #1

Call trace:
[<ffffff94e2bebec4>] sockev_client_cb+0x1e4/0x310
[<ffffff94e14fb20c>] notifier_call_chain+0x94/0xe0
[<ffffff94e14fb894>] __blocking_notifier_call_chain+0x6c/0xb8
[<ffffff94e14fb920>] blocking_notifier_call_chain+0x40/0x50
[<ffffff94e2b727f8>] sockev_notify net/socket.c:180 [inline]
[<ffffff94e2b727f8>] SYSC_listen net/socket.c:1446 [inline]
[<ffffff94e2b727f8>] SyS_listen+0x1e0/0x1f8
[<ffffff94e1483f70>] el0_svc_naked+0x24/0x28

CR's Fixed: 2251042
Change-Id: Iad9eb58cd05fcdc0b5cc1ed24de56b69abb532b4
Signed-off-by: Sharath Chandra Vurukala <sharathv@codeaurora.org>
Signed-off-by: Tejaswi Tanikella <tejaswit@codeaurora.org>
Signed-off-by: Kaustubh Pandey <kapandey@codeaurora.org>
Acked-by: Chinmay Agarwal <chinagar@qti.qualcomm.com>
2020-10-11 20:40:04 +02:00
Makefile
datagram.c Revert "[stable-only] net: add length argument to skb_copy_and_csum_datagram_iovec" 2019-07-27 22:05:55 +02:00
dev.c treewide: Fix typo in Documentation/DocBook 2019-07-27 22:10:20 +02:00
dev_addr_lists.c net: fix uninit-value in __hw_addr_add_ex() 2019-07-27 21:49:08 +02:00
dev_ioctl.c
drop_monitor.c drop_monitor: consider inserted data in genlmsg_end 2019-07-27 21:43:42 +02:00
dst.c net: ratelimit warnings about dst entry refcount underflow or overflow 2019-07-27 21:42:33 +02:00
ethtool.c net: ethtool: not call vzalloc for zero sized memory request 2019-07-27 22:10:06 +02:00
fib_rules.c net: core: add UID to flows, rules, and routes 2019-07-27 21:50:59 +02:00
filter.c tcp: take care of truncations done by sk_filter() 2019-07-27 21:42:33 +02:00
flow.c
flow_dissector.c
gen_estimator.c
gen_stats.c gen_stats.c: Duplicate xstats buffer for later use 2015-03-18 13:22:26 +01:00
iovec.c iovec: make sure the caller actually wants anything in memcpy_fromiovecend 2019-07-27 21:45:59 +02:00
link_watch.c
neighbour.c net: neigh: fix multiple neigh timer scheduling 2019-10-27 19:33:27 +01:00
net-procfs.c
net-sysfs.c net-sysfs: Fix memory leak in netdev_register_kobject 2019-08-13 03:29:23 +02:00
net-sysfs.h
net-traces.c
net_namespace.c netns: provide pure entropy for net_hash_mix() 2019-07-27 22:10:05 +02:00
netevent.c
netpoll.c
netprio_cgroup.c
pktgen.c net: pktgen: fix race between pktgen_thread_worker() and kthread_stop() 2015-10-01 12:07:35 +02:00
request_sock.c
rtnetlink.c rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices 2019-07-27 21:53:23 +02:00
scm.c This is the 3.10.95 stable release 2017-04-18 17:14:54 +02:00
secure_seq.c
skbuff.c net: make skb_partial_csum_set() more robust against overflows 2019-07-27 21:53:15 +02:00
sock.c net: fix possible overflow in __sk_mem_raise_allocated() 2020-02-12 22:53:24 +01:00
sock_diag.c net: diag: Add the ability to destroy a socket. 2016-05-18 14:36:07 +05:30
sockev_nlmcast.c net: core: null pointer dereference in sockev_client_cb 2020-10-11 20:40:04 +02:00
stream.c tcp: make sure EPOLLOUT wont be missed 2019-12-21 19:59:22 +01:00
sysctl_net_core.c This is the 3.10.73 stable release 2015-04-24 18:14:57 -07:00
timestamping.c
user_dma.c
utils.c