diff options
| author | Jann Horn <[email protected]> | 2015-09-11 14:27:27 +0000 |
|---|---|---|
| committer | Steve French <[email protected]> | 2015-09-11 14:54:03 +0000 |
| commit | 4c17a6d56bb0cad3066a714e94f7185a24b40f49 (patch) | |
| tree | cbd5fe9b42e01ef05f8e4fa0298c0a82c2180d44 /scripts/extract-cert.c | |
| parent | Merge branch 'for-4.3/blkcg' of git://git.kernel.dk/linux-block (diff) | |
| download | kernel-4c17a6d56bb0cad3066a714e94f7185a24b40f49.tar.gz kernel-4c17a6d56bb0cad3066a714e94f7185a24b40f49.zip | |
CIFS: fix type confusion in copy offload ioctl
This might lead to local privilege escalation (code execution as
kernel) for systems where the following conditions are met:
- CONFIG_CIFS_SMB2 and CONFIG_CIFS_POSIX are enabled
- a cifs filesystem is mounted where:
- the mount option "vers" was used and set to a value >=2.0
- the attacker has write access to at least one file on the filesystem
To attack this, an attacker would have to guess the target_tcon
pointer (but guessing wrong doesn't cause a crash, it just returns an
error code) and win a narrow race.
CC: Stable <[email protected]>
Signed-off-by: Jann Horn <[email protected]>
Signed-off-by: Steve French <[email protected]>
Diffstat (limited to 'scripts/extract-cert.c')
0 files changed, 0 insertions, 0 deletions