blob: 3c96d5deced9090c6bf8505c635431d0d5bec47a (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
|
Description: drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
References:
https://source.android.com/security/bulletin/pixel/2022-06-01
https://android.googlesource.com/kernel/common/+/37c7c8d4f0856ca30c2583adead91f42711f9c2f%5E%21/
Notes:
bwh> Based on the Android backport of this, the specific case where a
bwh> buffer overflow was possible must be in the name attribute of a
bwh> wakeup_source. This code was introduced in 5.4 by commit
bwh> c8377adfa781 "PM / wakeup: Show wakeup sources stats in sysfs".
bwh> If wakelocks are enabled (CONFIG_PM_WAKELOCKS=y) then user-space
bwh> can create a wakeup_source with an arbitrary name. However, we
bwh> never enabled this.
Bugs:
upstream: released (5.10-rc1) [aa838896d87af561a33ecefea1caa4c15a68bc47]
5.10-upstream-stable: N/A "Fixed before branching point"
4.19-upstream-stable: N/A "Vulnerable code not present"
4.9-upstream-stable: N/A "Vulnerable code not present"
sid: released (5.10.4-1)
5.10-bullseye-security: N/A "Fixed before branching point"
4.19-buster-security: N/A "Vulnerable code not present"
4.9-stretch-security: N/A "Vulnerable code not present"
|
