Ubuntu-focal-kernel/drivers
Chris Lew 94d8086167 soc: qcom: qmi_encdec: Restrict string length in decode
BugLink: https://bugs.launchpad.net/bugs/2040284

commit 8d207400fd6b79c92aeb2f33bb79f62dff904ea2 upstream.

The QMI TLV value for strings in a lot of qmi element info structures
account for null terminated strings with MAX_LEN + 1. If a string is
actually MAX_LEN + 1 length, this will cause an out of bounds access
when the NULL character is appended in decoding.

Fixes: 9b8a11e826 ("soc: qcom: Introduce QMI encoder/decoder")
Cc: stable@vger.kernel.org
Signed-off-by: Chris Lew <quic_clew@quicinc.com>
Signed-off-by: Praveenkumar I <quic_ipkumar@quicinc.com>
Link: https://lore.kernel.org/r/20230801064712.3590128-1-quic_ipkumar@quicinc.com
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
2023-10-30 11:42:18 +01:00
accessibility
acpi ACPI: processor: perflib: Avoid updating frequency QoS unnecessarily 2023-10-30 11:41:48 +01:00
amba amba: bus: fix refcount leak 2023-10-30 11:42:15 +01:00
android binder: fix memory leak in binder_init() 2023-10-30 11:41:52 +01:00
ata ata: pata_ns87415: mark ns87560_tf_read static 2023-10-30 11:41:46 +01:00
atm treewide: Remove uninitialized_var() usage 2023-08-09 12:25:41 +02:00
auxdisplay
base driver core: test_async: fix an error code 2023-10-30 11:42:14 +01:00
bcma
block loop: Select I/O scheduler 'none' from inside add_disk() 2023-10-30 11:41:48 +01:00
bluetooth Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() 2023-10-30 11:42:08 +01:00
bus bus: ti-sysc: Flush posted write on enable before reset 2023-10-30 11:41:58 +01:00
cdrom
char ipmi_si: fix a memleak in try_smi_init() 2023-10-30 11:42:16 +01:00
clk clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock 2023-10-30 11:42:18 +01:00
clocksource clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe 2023-10-02 12:12:00 +02:00
connector
counter counter: 104-quad-8: Fix race condition between FLAG and CNTR reads 2023-08-09 12:25:13 +02:00
cpufreq cpufreq: brcmstb-avs-cpufreq: Fix -Warray-bounds bug 2023-10-30 11:42:17 +01:00
cpuidle
crypto crypto: stm32 - fix loop iterating through scatterlist for DMA 2023-10-30 11:42:17 +01:00
dax
dca
devfreq PM / devfreq: Fix leak in devfreq_dev_release() 2023-10-30 11:42:16 +01:00
dio
dma dmaengine: ste_dma40: Add missing IRQ check in d40_probe 2023-10-30 11:42:16 +01:00
dma-buf dma-buf/sw_sync: Avoid recursive lock during fence signal 2023-10-30 11:42:03 +01:00
edac EDAC/skx: Fix overflows on the DRAM row address mapping arrays 2023-08-09 12:25:15 +02:00
eisa
extcon extcon: Fix kernel doc of property capability fields to avoid warnings 2023-10-02 12:12:06 +02:00
firewire treewide: Remove uninitialized_var() usage 2023-08-09 12:25:41 +02:00
firmware firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe 2023-10-30 11:42:05 +01:00
fpga fpga: bridge: fix kernel-doc parameter description 2023-08-09 12:25:19 +02:00
fsi fsi: master-ast-cf: Add MODULE_FIRMWARE macro 2023-10-30 11:42:05 +01:00
gnss
gpio gpio: tps68470: Make tps68470_gpio_output() always set the initial value 2023-10-30 11:41:44 +01:00
gpu drm/ast: Fix DRAM init on AST2200 2023-10-30 11:42:18 +01:00
greybus
hid HID: multitouch: Correct devm device reference for hidinput input_dev name 2023-10-30 11:42:15 +01:00
hsi
hv Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs 2023-10-02 12:11:56 +02:00
hwmon hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled 2023-10-30 11:41:47 +01:00
hwspinlock
hwtracing coresight: tmc: Explicit type conversions to prevent integer overflow 2023-10-30 11:42:14 +01:00
i2c i2c: bcm-iproc: Fix bcm_iproc_i2c_isr deadlock issue 2023-10-30 11:41:57 +01:00
i3c
ide treewide: Remove uninitialized_var() usage 2023-08-09 12:25:41 +02:00
idle
iio iio: addac: stx104: Fix race condition when converting analog-to-digital 2023-10-30 11:41:56 +01:00
infiniband RDMA/siw: Correct wrong debug message 2023-10-30 11:42:15 +01:00
input Input: adxl34x - do not hardcode interrupt trigger type 2023-10-02 12:12:04 +02:00
interconnect interconnect: Do not skip aggregation for disabled paths 2023-10-30 11:42:03 +01:00
iommu iommu/vt-d: Fix to flush cache of PASID directory table 2023-10-30 11:42:14 +01:00
ipack
irqchip irqchip/mips-gic: Don't touch vl_map if a local interrupt is not routable 2023-10-30 11:42:03 +01:00
isdn mISDN: Update parameter type of dsp_cmx_send() 2023-10-30 11:41:53 +01:00
leds leds: trigger: netdev: Recheck NETDEV_LED_MODE_LINKUP on dev rename 2023-10-30 11:41:57 +01:00
lightnvm
macintosh macintosh: via-pmu-led: requires ATA to be set 2023-08-09 12:25:21 +02:00
mailbox mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 2023-10-02 12:12:07 +02:00
mcb mcb-pci: Reallocate memory region to avoid memory overlapping 2023-08-09 12:25:29 +02:00
md md/md-bitmap: hold 'reconfig_mutex' in backlog_store() 2023-10-30 11:42:10 +01:00
media media: dvb: symbol fixup for dvb_attach() 2023-10-30 11:42:16 +01:00
memory memory: brcmstb_dpfe: fix testing array offset after use 2023-10-02 12:12:04 +02:00
memstick memstick r592: make memstick_debug_get_tpc_name() static 2023-10-02 12:12:02 +02:00
message scsi: message: mptlan: Fix use after free bug in mptlan_remove() due to race condition 2023-08-09 12:25:28 +02:00
mfd mfd: stmpe: Only disable the regulators if they are enabled 2023-10-02 12:12:07 +02:00
misc misc: pci_endpoint_test: Re-init completion for every test 2023-10-02 12:12:13 +02:00
mmc mmc: au1xmmc: force non-modular build and remove symbol_get usage 2023-10-30 11:42:04 +01:00
mtd mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume() 2023-10-30 11:42:15 +01:00
mux
net wifi: ath10k: Use RMW accessors for changing LNKCTL 2023-10-30 11:42:12 +01:00
nfc nfcsim.c: Fix error checking for debugfs_create_dir 2023-10-02 12:11:58 +02:00
ntb ntb: Fix calculation ntb_transport_tx_free_entry() 2023-10-30 11:42:16 +01:00
nubus
nvdimm
nvme nvmet-tcp: Fix a possible UAF in queue intialization setup 2023-10-30 11:42:04 +01:00
nvmem
of of: unittest: Fix overlay type in apply/revert check 2023-10-30 11:42:11 +01:00
opp OPP: Fix passing 0 to PTR_ERR in _opp_attach_genpd() 2023-10-30 11:42:07 +01:00
oprofile
parisc parisc: led: Reduce CPU overhead for disk & lan LED computation 2023-10-30 11:42:18 +01:00
parport
pci Revert "PCI: Mark NVIDIA T4 GPUs to avoid bus reset" 2023-10-30 11:42:17 +01:00
pcmcia pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db() 2023-10-30 11:41:55 +01:00
perf perf/imx_ddr: don't enable counter0 if none of 4 counters are used 2023-10-30 11:42:07 +01:00
phy phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write 2023-10-30 11:42:15 +01:00
pinctrl pinctrl: amd: Don't show `Invalid config param` errors 2023-10-30 11:42:05 +01:00
platform platform/mellanox: Fix mlxbf-tmfifo not handling all virtio CONSOLE notifications 2023-10-30 11:42:06 +01:00
pnp
power power: supply: Fix logic checking if system is running from battery 2023-09-01 14:48:43 +02:00
powercap powercap: RAPL: Fix CONFIG_IOSF_MBI dependency 2023-10-02 12:12:01 +02:00
pps
ps3
ptp ptp_qoriq: fix memory leak in probe() 2023-07-10 17:22:05 +02:00
pwm pwm: meson: fix handling of period/duty if greater than UINT_MAX 2023-10-30 11:41:45 +01:00
rapidio
ras
regulator regulator: core: Streamline debugfs operations 2023-10-02 12:12:01 +02:00
remoteproc remoteproc: st: Call of_node_put() on iteration error 2023-08-09 12:25:25 +02:00
reset
rpmsg rpmsg: glink: Add check for kstrdup 2023-10-30 11:42:15 +01:00
rtc rtc: ds1685: use EXPORT_SYMBOL_GPL for ds1685_rtc_poweroff 2023-10-30 11:42:04 +01:00
s390 s390/dasd: fix hanging device after request requeue 2023-10-30 11:42:05 +01:00
sbus
scsi scsi: qla2xxx: Remove unsupported ql2xenabledif option 2023-10-30 11:42:18 +01:00
sfi
sh
siox
slimbus
soc soc: qcom: qmi_encdec: Restrict string length in decode 2023-10-30 11:42:18 +01:00
soundwire
spi spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() 2023-10-30 11:42:08 +01:00
spmi spmi: Add a check for remove callback when removing a SPMI driver 2023-08-09 12:25:20 +02:00
ssb treewide: Remove uninitialized_var() usage 2023-08-09 12:25:41 +02:00
staging staging: rtl8712: fix race condition 2023-10-30 11:42:05 +01:00
target scsi: target: iscsi: Prevent login threads from racing between each other 2023-10-02 12:11:58 +02:00
tc
tee
thermal
thunderbolt thunderbolt: Use const qualifier for `ring_interrupt_index` 2023-07-10 17:22:03 +02:00
tty serial: sc16is7xx: fix broken port 0 uart init 2023-10-30 11:42:17 +01:00
uio
usb usb: typec: tcpci: clear the fault status bit 2023-10-30 11:42:17 +01:00
vfio
vhost treewide: Remove uninitialized_var() usage 2023-08-09 12:25:41 +02:00
video fbdev/ep93xx-fb: Do not assign to struct fb_info.dev 2023-10-30 11:42:18 +01:00
virt
virtio virtio_ring: fix avail_wrap_counter in virtqueue_add_packed 2023-10-30 11:42:16 +01:00
visorbus
vlynq
vme
w1 w1: fix loop in w1_fini() 2023-10-02 12:12:06 +02:00
watchdog watchdog: menz069_wdt: fix watchdog initialisation 2023-08-09 12:25:38 +02:00
xen xen/pvcalls-back: fix double frees with pvcalls_new_active_socket() 2023-08-09 12:25:35 +02:00
zorro
Kconfig
Makefile