linux-yocto

mirror of git://git.yoctoproject.org/linux-yocto.git synced 2026-02-27 19:48:36 +01:00

History

Tianchu Chen f83e3e9f89 char: applicom: fix NULL pointer dereference in ac_ioctl commit 82d12088c297fa1cef670e1718b3d24f414c23f7 upstream. Discovered by Atuin - Automated Vulnerability Discovery Engine. In ac_ioctl, the validation of IndexCard and the check for a valid RamIO pointer are skipped when cmd is 6. However, the function unconditionally executes readb(apbs[IndexCard].RamIO + VERS) at the end. If cmd is 6, IndexCard may reference a board that does not exist (where RamIO is NULL), leading to a NULL pointer dereference. Fix this by skipping the readb access when cmd is 6, as this command is a global information query and does not target a specific board context. Signed-off-by: Tianchu Chen <flynnnchen@tencent.com> Acked-by: Arnd Bergmann <arnd@arndb.de> Cc: stable <stable@kernel.org> Link: https://patch.msgid.link/20251128155323.a786fde92ebb926cbe96fcb1@linux.dev Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2026-01-02 12:57:14 +01:00
..
agp	agp/amd64: Check AGP Capability before binding to unsupported devices	2025-07-09 07:23:09 +02:00
hw_random	This update includes the following changes:	2025-10-04 14:59:29 -07:00
ipmi	ipmi: Fix __scan_channels() failing to rescan channels	2026-01-02 12:56:59 +01:00
mwave
tpm	tpm2-sessions: Fix tpm2_read_public range checks	2026-01-02 12:57:11 +01:00
xilinx_hwicap	char: Switch back to struct platform_driver::remove()	2024-11-05 05:33:47 +01:00
xillybus	char: xillybus: Use to_delayed_work()	2025-04-17 10:56:11 +02:00
adi.c	char/adi: Remove redundant less-than-zero check in adi_write()	2025-09-06 16:00:36 +02:00
apm-emulation.c	apm-emulation: hide an unused variable	2025-04-17 10:56:11 +02:00
applicom.c	char: applicom: fix NULL pointer dereference in ac_ioctl	2026-01-02 12:57:14 +01:00
applicom.h
bsr.c	bsr: add missing MODULE_DESCRIPTION() macro	2024-07-03 16:40:53 +02:00
ds1620.c	[tree-wide] finally take no_llseek out	2024-09-27 08:18:43 -07:00
dsp56k.c	dsp56k: add missing MODULE_DESCRIPTION() macro	2024-07-03 16:40:26 +02:00
dtlk.c	treewide: Switch/rename to timer_delete[_sync]()	2025-04-05 10:30:12 +02:00
hangcheck-timer.c	treewide: Switch/rename to timer_delete[_sync]()	2025-04-05 10:30:12 +02:00
hpet.c	hpet: Use str_plural() to simplify the code	2025-08-19 12:50:36 +02:00
Kconfig	drivers: char: SONYPI depends on HAS_IOPORT	2025-06-24 16:44:19 +01:00
lp.c	parport: Remove parport_driver.devmodel	2024-07-03 16:44:22 +02:00
Makefile	char: misc: Move drivers/misc/misc_minor_kunit.c to drivers/char/	2025-08-19 12:41:17 +02:00
mem.c	/dev/zero: try to align PMD_SIZE for private mapping	2025-09-13 16:54:42 -07:00
misc_minor_kunit.c	char: misc: Add a case to test registering miscdevice again without reinitialization	2025-08-19 12:41:17 +02:00
misc.c	char: Use list_del_init() in misc_deregister() to reinitialize list pointer	2025-09-06 19:43:18 +02:00
nsc_gpio.c
nvram.c	char: add missing MODULE_DESCRIPTION() macros	2024-06-04 17:40:17 +02:00
nwbutton.c	char: add missing NetWinder MODULE_DESCRIPTION() macros	2024-07-31 13:47:45 +02:00
nwbutton.h
nwflash.c	char: add missing NetWinder MODULE_DESCRIPTION() macros	2024-07-31 13:47:45 +02:00
pc8736x_gpio.c	[tree-wide] finally take no_llseek out	2024-09-27 08:18:43 -07:00
powernv-op-panel.c	char: Switch back to struct platform_driver::remove()	2024-11-05 05:33:47 +01:00
ppdev.c	[tree-wide] finally take no_llseek out	2024-09-27 08:18:43 -07:00
ps3flash.c
random.c	random: use offstack cpumask when necessary	2025-12-18 14:02:44 +01:00
scx200_gpio.c	[tree-wide] finally take no_llseek out	2024-09-27 08:18:43 -07:00
sonypi.c	sonypi: Use str_on_off() helper in sonypi_display_info()	2025-02-20 15:25:09 +01:00
tlclk.c	treewide: Switch/rename to timer_delete[_sync]()	2025-04-05 10:30:12 +02:00
toshiba.c
ttyprintk.c	char: add missing MODULE_DESCRIPTION() macros	2024-06-04 17:40:17 +02:00
uv_mmtimer.c
virtio_console.c	virtio_console: fix order of fields cols and rows	2025-04-18 10:08:11 -04:00