Evolution-X-Devices/kernel_nothing_sm7325
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'android11-5.4' into branch 'android11-5.4-lts'

Browse Source 
This syncs up the back-merge of android11-5.4 into the -lts branch.
Included in here are the following commits:

* df80fcf8cd Merge tag 'android11-5.4.281_r00' into android11-5.4
* ef9a17e64f UPSTREAM: net: sched: sch_multiq: fix possible OOB write in multiq_tune()
* f4e5b5151e FROMLIST: binder: fix UAF caused by offsets overwrite
* 7453ecf4d1 UPSTREAM: usb: gadget: configfs: Prevent OOB read/write in usb_string_copy()

Change-Id: I38e7c94c958b6b71725e5391b22bafda514796cf
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
This commit is contained in:
Greg Kroah-Hartman
2024-08-28 08:49:12 +00:00
parent a0347a4c8d df80fcf8cd
commit d82959916b
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
drivers/android/binder.c
View File

@@ -3326,6 +3326,7 @@ static void binder_transaction(struct binder_proc *proc,
*/
copy_size = object_offset - user_offset;
if (copy_size && (user_offset > object_offset ||
object_offset > tr->data_size ||
binder_alloc_copy_user_to_buffer(
&target_proc->alloc,
t->buffer, user_offset,