On Wed, Jul 13, 2022 at 11:37:34PM +0800, Ning Qiang wrote: > In do_adb_query function of drivers/macintosh/adb.c, req->data is copy > form userland. the parameter "req->data[2]" is Missing check, the > array size of adb_handler[] is 16, so "adb_handler[ > req->data[2]].original_address" and "adb_handler[ > req->data[2]].handler_id" will lead to oob read. > > Signed-off-by: Ning Qiang <sohu0...@126.com>
Cc: stable <sta...@kernel.org> Reviewed-by: Greg Kroah-Hartman <gre...@linuxfoundation.org>
