vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2221465
CVE: CVE-2023-3567
Omitted-fix: 46d733d0efc7 ("vc_screen: modify vcs_size() handling in
vcs_read()") This commit does not touch any of the changes made by the
commits in the following series. I believe the author referenced commit
226fae124b2d by mistake.
Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=55558298
Ricardo Robaina (2):
vc_screen: move load of struct vc_data pointer in vcs_read() to avoid
UAF
vc_screen: don't clobber return value in vcs_read
drivers/tty/vt/vc_screen.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
Signed-off-by: Ricardo Robaina rrobaina@redhat.com