vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF

Ricardo Robaina requested to merge rrobaina/centos-stream-9:bz2221465 into main

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2221465

CVE: CVE-2023-3567

Omitted-fix: 46d733d0efc7 ("vc_screen: modify vcs_size() handling in
vcs_read()") This commit does not touch any of the changes made by the
commits in the following series. I believe the author referenced commit
226fae124b2d by mistake.

Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=55558298

Ricardo Robaina (2):
  vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF
  vc_screen: don't clobber return value in vcs_read

drivers/tty/vt/vc_screen.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)

Signed-off-by: Ricardo Robaina <rrobaina@redhat.com>
