github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-05 13:06:59 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
3eb6b89a4e
linux/drivers
History
Phil Turnbull 3eb6b89a4e wifi: wilc1000: validate number of channels 
commit 0cdfa9e6f0 upstream.

There is no validation of 'e->no_of_channels' which can trigger an
out-of-bounds write in the following 'memset' call. Validate that the
number of channels does not extends beyond the size of the channel list
element.

Signed-off-by: Phil Turnbull <philipturnbull@github.com>
Tested-by: Ajay Kathat <ajay.kathat@microchip.com>
Acked-by: Ajay Kathat <ajay.kathat@microchip.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20221123153543.8568-5-philipturnbull@github.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-12-02 17:40:06 +01:00
..
accessibility speakup: fix a segfault caused by switching consoles 2022-11-25 17:45:50 +01:00
acpi ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init() 2022-11-10 18:14:22 +01:00
amba
android binder: Gracefully handle BINDER_TYPE_FDA objects with num_fds=0 2022-12-02 17:40:04 +01:00
ata ata: libata-core: do not issue non-internal commands once EH is pending 2022-12-02 17:39:57 +01:00
atm atm: idt77252: fix use-after-free bugs caused by tst_timer 2022-08-25 11:38:02 +02:00
auxdisplay
base PM: domains: Fix handling of unavailable/disabled idle states 2022-11-03 23:57:53 +09:00
bcma
block drbd: use after free in drbd_create_device() 2022-11-25 17:45:47 +01:00
bluetooth Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure 2022-10-26 13:25:21 +02:00
bus bus: sunxi-rsb: Support atomic transfers 2022-12-02 17:39:59 +01:00
cdrom
char hwrng: imx-rngc - Moving IRQ handler registering after imx_rngc_irq_mask_clear() 2022-10-26 13:25:41 +02:00
clk clk: bcm2835: Make peripheral PLLC critical 2022-10-26 13:25:54 +02:00
clocksource clocksource/drivers/ixp4xx: remove EXPORT_SYMBOL_GPL from ixp4xx_timer_setup() 2022-07-07 17:52:23 +02:00
connector
counter counter: microchip-tcb-capture: Handle Signal1 read and Synapse 2022-11-03 23:57:50 +09:00
cpufreq cpufreq: qcom: fix memory leak in error path 2022-10-30 09:41:15 +01:00
cpuidle
crypto crypto: cavium - prevent integer overflow loading firmware 2022-10-26 13:25:43 +02:00
dax devdax: Fix soft-reservation memory description 2022-09-28 11:10:41 +02:00
dca
devfreq PM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events 2022-07-07 17:52:18 +02:00
dio
dma dmaengine: at_hdmac: Check return code of dma_async_device_register 2022-11-16 09:57:20 +01:00
dma-buf dma-buf: fix racing conflict of dma_heap_add() 2022-12-02 17:40:01 +01:00
edac EDAC/ghes: Set the DIMM label unconditionally 2022-08-03 12:00:50 +02:00
eisa
extcon extcon: Modify extcon device to be created after driver data is set 2022-06-14 18:32:43 +02:00
firewire
firmware firmware: coreboot: Register bus in module init 2022-11-25 17:45:53 +01:00
fpga fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() 2022-10-26 13:25:33 +02:00
fsi fsi: core: Check error number after calling ida_simple_get 2022-10-26 13:25:38 +02:00
gnss
gpio gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully 2022-09-28 11:10:27 +02:00
gpu gpu: host1x: Avoid trying to use GART on Tegra20 2022-12-02 17:40:05 +01:00
greybus
hid HID: hyperv: fix possible memory leak in mousevsc_probe() 2022-11-16 09:57:08 +01:00
hsi HSI: omap_ssi_port: Fix dma_map_sg error check 2022-10-26 13:25:32 +02:00
hv Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() 2022-12-02 17:40:00 +01:00
hwmon hwmon/coretemp: Handle large core ID value 2022-10-30 09:41:15 +01:00
hwspinlock hwspinlock: qcom: correct MMIO max register for newer SoCs 2022-11-16 09:57:07 +01:00
hwtracing coresight: cti: Fix hang in cti_disable_hw() 2022-11-10 18:14:25 +01:00
i2c i2c: i801: add lis3lv02d's I2C address for Vostro 5568 2022-11-25 17:45:40 +01:00
i3c
ide
idle intel_idle: Disable IBRS during long idle 2022-07-25 11:26:43 +02:00
iio iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails 2022-12-02 17:40:02 +01:00
infiniband RDMA/qedr: clean up work queue on failure in qedr_alloc_resources() 2022-11-10 18:14:17 +01:00
input Input: soc_button_array - add Acer Switch V 10 to dmi_use_low_level_irq[] 2022-12-02 17:40:05 +01:00
interconnect interconnect: qcom: icc-rpmh: Add BCMs to commit list in pre_aggregate 2022-09-28 11:10:28 +02:00
iommu iommu/vt-d: Set SRE bit only when hardware has SRS cap 2022-11-25 17:45:53 +01:00
ipack
irqchip irqchip/tegra: Fix overflow implicit truncation warnings 2022-08-25 11:38:12 +02:00
isdn mISDN: fix misuse of put_device() in mISDN_register_device() 2022-11-25 17:45:46 +01:00
leds leds: lm3601x: Don't use mutex after it was destroyed 2022-10-26 13:25:18 +02:00
lightnvm
macintosh macintosh/adb: fix oob read in do_adb_query() function 2022-08-11 13:06:47 +02:00
mailbox mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg 2022-10-26 13:25:40 +02:00
mcb
md dm integrity: clear the journal on suspend 2022-12-02 17:40:05 +01:00
media media: dvb-frontends/drxk: initialize err to 0 2022-11-10 18:14:22 +01:00
memory memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings() 2022-10-26 13:25:28 +02:00
memstick memstick/ms_block: Fix a memory leak 2022-08-21 15:15:58 +02:00
message
mfd mtd: spi-nor: intel-spi: Disable write protection only if asked 2022-11-25 17:45:41 +01:00
misc misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() 2022-11-25 17:45:54 +01:00
mmc mmc: sdhci-brcmstb: Fix SDHCI_RESET_ALL for CQHCI 2022-12-02 17:40:03 +01:00
most
mtd spi: intel: Use correct mask for flash and protected regions 2022-11-25 17:45:41 +01:00
mux
net wifi: wilc1000: validate number of channels 2022-12-02 17:40:06 +01:00
nfc nfc: st-nci: fix memory leaks in EVT_TRANSACTION 2022-12-02 17:40:02 +01:00
ntb NTB: ntb_tool: uninitialized heap data in tool_fn_write() 2022-08-25 11:38:01 +02:00
nubus
nvdimm nvdimm: Fix badblocks clear off-by-one error 2022-07-07 17:52:15 +02:00
nvme nvme-pci: add NVME_QUIRK_BOGUS_NID for Micron Nitro 2022-12-02 17:39:57 +01:00
nvmem
of of: fdt: fix off-by-one error in unflatten_dt_nodes() 2022-09-23 14:16:57 +02:00
opp opp: Fix error check in dev_pm_opp_attach_genpd() 2022-08-21 15:16:04 +02:00
oprofile
parisc parisc: Export iosapic_serial_irq() symbol for serial port driver 2022-11-10 18:14:27 +01:00
parport parport_pc: Avoid FIFO port location truncation 2022-11-25 17:45:44 +01:00
pci PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge 2022-10-26 13:25:11 +02:00
pcmcia pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards 2022-06-14 18:32:30 +02:00
perf perf/arm_pmu_platform: fix tests for platform_get_irq() failure 2022-09-20 12:38:32 +02:00
phy phy: stm32: fix an error code in probe 2022-11-16 09:57:08 +01:00
pinctrl pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map 2022-11-25 17:45:44 +01:00
platform platform/x86: hp-wmi: Ignore Smart Experience App event 2022-12-02 17:40:05 +01:00
pnp
power power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() 2022-10-26 13:25:52 +02:00
powercap powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue 2022-10-26 13:25:44 +02:00
pps
ps3
ptp
pwm pwm: lpc18xx-sct: Convert to devm_platform_ioremap_resource() 2022-08-21 15:15:37 +02:00
rapidio
ras
regulator regulator: twl6030: re-add TWL6032_SUBCLASS 2022-12-02 17:40:01 +01:00
remoteproc remoteproc: sysmon: Wait for SSCTL service to come up 2022-08-21 15:16:08 +02:00
reset reset: imx7: Fix the iMX8MP PCIe PHY PERST support 2022-10-05 10:38:40 +02:00
rpmsg rpmsg: qcom: glink: replace strncpy() with strscpy_pad() 2022-10-15 07:55:54 +02:00
rtc rtc: mt6397: check return value after calling platform_get_resource() 2022-06-14 18:32:33 +02:00
s390 s390/dasd: fix no record found for raw_track_access 2022-12-02 17:40:02 +01:00
sbus
scsi scsi: storvsc: Fix handling of srb_status and capacity change events 2022-12-02 17:39:59 +01:00
sfi
sh
siox siox: fix possible memory leak in siox_device_add() 2022-11-25 17:45:44 +01:00
slimbus slimbus: stream: correct presence rate frequencies 2022-11-25 17:45:50 +01:00
soc soc/tegra: fuse: Drop Kconfig dependency on TEGRA20_APB_DMA 2022-10-26 13:25:29 +02:00
soundwire soundwire: intel: fix error handling on dai registration issues 2022-10-26 13:25:53 +02:00
spi spi: dw-dma: decrease reference count in dw_spi_dma_init_mfld() 2022-12-02 17:39:59 +01:00
spmi spmi: pmic-arb: correct duplicate APID to PPID mapping logic 2022-10-26 13:25:39 +02:00
ssb
staging media: meson: vdec: fix possible refcount leak in vdec_probe() 2022-11-10 18:14:22 +01:00
target scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus() 2022-11-25 17:45:55 +01:00
tc
tee tee: optee: fix possible memory leak in optee_register_device() 2022-12-02 17:39:59 +01:00
thermal thermal: intel_powerclamp: Use first online CPU as control_cpu 2022-10-26 13:25:56 +02:00
thunderbolt thunderbolt: Explicitly enable lane adapter hotplug events at startup 2022-10-26 13:25:16 +02:00
tty serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios() 2022-12-02 17:40:05 +01:00
uio
usb usb: dwc3: gadget: Clear ep descriptor last 2022-12-02 17:40:04 +01:00
vdpa vdpasim: allow to enable a vq repeatedly 2022-06-09 10:21:29 +02:00
vfio vfio/type1: fix vaddr_get_pfns() return in vfio_pin_page_external() 2022-09-28 11:10:38 +02:00
vhost vhost/vsock: Use kvmalloc/kvfree for larger packets. 2022-10-26 13:25:22 +02:00
video fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards 2022-11-10 18:14:21 +01:00
virt vboxguest: Do not use devm for irq 2022-08-25 11:38:14 +02:00
virtio virtio_mmio: Restore guest page size on resume 2022-07-21 21:20:13 +02:00
visorbus
vlynq
vme
w1
watchdog watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe() 2022-08-21 15:16:10 +02:00
xen xen/platform-pci: add missing free_irq() in error path 2022-12-02 17:40:05 +01:00
zorro
Kconfig
Makefile