On Wed, Jun 05, 2019 at 01:07:25PM -0400, Douglas Gilbert wrote:
> On 2019-06-05 2:00 a.m., Jiri Slaby wrote:
> >On 23. 05. 19, 4:38, Gen Zhang wrote:
> >>In sg_write(), the opcode of the command is fetched the first time from
> >>the userspace by __get_user(). Then the whole command, the opcode
>
On 2019-06-05 2:00 a.m., Jiri Slaby wrote:
On 23. 05. 19, 4:38, Gen Zhang wrote:
In sg_write(), the opcode of the command is fetched the first time from
the userspace by __get_user(). Then the whole command, the opcode
included, is fetched again from userspace by __copy_from_user().
However, a m
On 23. 05. 19, 4:38, Gen Zhang wrote:
> In sg_write(), the opcode of the command is fetched the first time from
> the userspace by __get_user(). Then the whole command, the opcode
> included, is fetched again from userspace by __copy_from_user().
> However, a malicious user can change the opcode
In sg_write(), the opcode of the command is fetched the first time from
the userspace by __get_user(). Then the whole command, the opcode
included, is fetched again from userspace by __copy_from_user().
However, a malicious user can change the opcode between the two fetches.
This can cause incon