Backport request: "scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer()"

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Can the following be be backported to the 3.x LTS kernels (3.10, 3.12,
3.14, 3.16, 3.18) and 4.1.y?  This addresses CVE-2016-7425.

commit 7bc2b55a5c030685b399bb65b6baa9ccc3d1f167
Author: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Date:   Thu Sep 15 16:44:56 2016 +0300

    scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer()

    We need to put an upper bound on "user_len" so the memcpy() doesn't
    overflow.

    Cc: <stable@xxxxxxxxxxxxxxx>
    Reported-by: Marco Grassi <marco.gra@xxxxxxxxx>
    Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
    Reviewed-by: Tomas Henzl <thenzl@xxxxxxxxxx>
    Signed-off-by: Martin K. Petersen <martin.petersen@xxxxxxxxxx>

Thanks!
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]