CVE-2016-2502-drivers/usb/gadget/f_serial.c in the Qualcomm USB driver in Android.
Buffer Overflow Vulnerability reported by #plzdonthackme, Soctt.
struct ioctl_smd_write_arg_type { char *buf; unsigned int size; }; #define GSERIAL_BUF_LEN 256 char smd_write_buf[GSERIAL_BUF_LEN]; struct ioctl_smd_write_arg_type smd_write_arg; ... case GSERIAL_SMD_WRITE: if (copy_from_user(&smd_write_arg, argp, sizeof(smd_write_arg))) { ... //Patch //if (smd_write_arg.size > GSERIAL_BUF_LEN ) // pr_err("%s: dont trigger the BoD vuln.", __func__); if (copy_from_user(smd_write_buf, smd_write_arg.buf, smd_write_arg.size)) // Bof vuln.
时间: 2024-10-11 05:32:07