Hi Amit,
On Fri, May 04, 2018 at 12:08:53AM +0530, Amit Pundir wrote:
From: Suren Baghdasaryan surenb@google.com
Out of bounds kernel accesses in st21nfca's NFC HCI layer might happen when handling ATR_REQ events if user-specified atr_req->length is bigger than the buffer size. In that case memcpy() inside st21nfca_tm_send_atr_res() will read extra bytes resulting in OOB read from the kernel heap.
cc: Stable stable@vger.kernel.org Signed-off-by: Suren Baghdasaryan surenb@google.com Signed-off-by: Amit Pundir amit.pundir@linaro.org Reviewed-by: Andy Shevchenko andriy.shevchenko@linux.intel.com
v3..v1: Resend. No changes.
drivers/nfc/st21nfca/dep.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
All 4 patches applied to nfc-next, thanks.
Cheers, Samuel.