diff options
Diffstat (limited to 'cdrom-fix-improper-type-cast-which-can-leat-to-information-leak.patch')
| -rw-r--r-- | cdrom-fix-improper-type-cast-which-can-leat-to-information-leak.patch | 35 |
1 files changed, 0 insertions, 35 deletions
diff --git a/cdrom-fix-improper-type-cast-which-can-leat-to-information-leak.patch b/cdrom-fix-improper-type-cast-which-can-leat-to-information-leak.patch deleted file mode 100644 index ea594f4a6..000000000 --- a/cdrom-fix-improper-type-cast-which-can-leat-to-information-leak.patch +++ /dev/null @@ -1,35 +0,0 @@ -From e4f3aa2e1e67bb48dfbaaf1cad59013d5a5bc276 Mon Sep 17 00:00:00 2001 -From: Young_X <YangX92@hotmail.com> -Date: Wed, 3 Oct 2018 12:54:29 +0000 -Subject: cdrom: fix improper type cast, which can leat to information leak. - -From: Young_X <YangX92@hotmail.com> - -commit e4f3aa2e1e67bb48dfbaaf1cad59013d5a5bc276 upstream. - -There is another cast from unsigned long to int which causes -a bounds check to fail with specially crafted input. The value is -then used as an index in the slot array in cdrom_slot_status(). - -This issue is similar to CVE-2018-16658 and CVE-2018-10940. - -Signed-off-by: Young_X <YangX92@hotmail.com> -Signed-off-by: Jens Axboe <axboe@kernel.dk> -Cc: Ben Hutchings <ben.hutchings@codethink.co.uk> -Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> - ---- - drivers/cdrom/cdrom.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- a/drivers/cdrom/cdrom.c -+++ b/drivers/cdrom/cdrom.c -@@ -2445,7 +2445,7 @@ static int cdrom_ioctl_select_disc(struc - return -ENOSYS; - - if (arg != CDSL_CURRENT && arg != CDSL_NONE) { -- if ((int)arg >= cdi->capacity) -+ if (arg >= cdi->capacity) - return -EINVAL; - } - |