Stanislav Fort 9735a9dcc3 audit: fix out-of-bounds read in audit_compare_dname_path()
commit 4540f1d23e upstream.

When a watch on dir=/ is combined with an fsnotify event for a
single-character name directly under / (e.g., creating /a), an
out-of-bounds read can occur in audit_compare_dname_path().

The helper parent_len() returns 1 for "/". In audit_compare_dname_path(),
when parentlen equals the full path length (1), the code sets p = path + 1
and pathlen = 1 - 1 = 0. The subsequent loop then dereferences
p[pathlen - 1] (i.e., p[-1]), causing an out-of-bounds read.

Fix this by adding a pathlen > 0 check to the while loop condition
to prevent the out-of-bounds access.

Cc: stable@vger.kernel.org
Fixes: e92eebb0d6 ("audit: fix suffixed '/' filename matching")
Reported-by: Stanislav Fort <disclosure@aisle.com>
Suggested-by: Linus Torvalds <torvalds@linuxfoundation.org>
Signed-off-by: Stanislav Fort <stanislav.fort@aisle.com>
[PM: subject tweak, sign-off email fixes]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-09-09 19:02:34 +02:00
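The index arithmetic described in the commit message above, as an added user-space model in C. It is not the kernel's code and not part of the commit; the names model_parent_len, model_component_len and the with_fix switch are hypothetical, and the model stops at the point where the unfixed loop would read p[-1] instead of performing that read.

```c
#include <stdio.h>
#include <string.h>

/* Model of parent_len(): length of the parent part, including its slash. */
static int model_parent_len(const char *path)
{
    size_t plen = strlen(path);
    const char *p;

    if (plen == 0)
        return 0;
    p = path + plen - 1;
    while (*p == '/' && p > path)   /* skip trailing slashes */
        p--;
    while (*p != '/' && p > path)   /* walk back to the previous slash */
        p--;
    if (*p == '/')
        p++;
    return (int)(p - path);
}

/* Model of the trailing-slash loop. Returns the final component length and
 * sets *underrun when the loop would index p[pathlen - 1] with pathlen <= 0. */
static int model_component_len(const char *path, int with_fix, int *underrun)
{
    int parentlen = model_parent_len(path);
    const char *p = path + parentlen;
    int pathlen = (int)strlen(path) - parentlen;

    for (;;) {
        if (pathlen <= 0) {          /* next read would be p[-1] or lower */
            *underrun = !with_fix;   /* "pathlen > 0" check stops here */
            break;
        }
        if (p[pathlen - 1] != '/')
            break;
        pathlen--;
    }
    return pathlen;
}

int main(void)
{
    int u, n = model_component_len("/", 0, &u);
    printf("unfixed: len=%d underrun=%d\n", n, u);
    n = model_component_len("/", 1, &u);
    printf("fixed:   len=%d underrun=%d\n", n, u);
    return 0;
}
```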
arch x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() 2025-09-09 19:02:29 +02:00
block blk-zoned: Fix a lockdep complaint about recursive locking 2025-09-04 16:55:46 +02:00
certs
crypto crypto: acomp - Fix CFI failure due to type punning 2025-08-28 16:34:34 +02:00
Documentation dt-bindings: display/msm: qcom,mdp5: drop lut clock 2025-09-04 16:55:37 +02:00
drivers nouveau: Membar before between semaphore writes and the interrupt 2025-09-09 19:02:33 +02:00
fs proc: fix missing pde_set_flags() for net proc files 2025-09-09 19:02:31 +02:00
include mm: introduce and use {pgd,p4d}_populate_kernel() 2025-09-09 19:02:30 +02:00
init
io_uring io_uring/kbuf: always use READ_ONCE() to read ring provided buffer lengths 2025-09-04 16:55:43 +02:00
ipc
kernel audit: fix out-of-bounds read in audit_compare_dname_path() 2025-09-09 19:02:34 +02:00
lib
LICENSES
mm kunit: kasan_test: disable fortify string checker on kasan_strings() test 2025-09-09 19:02:30 +02:00
net wifi: mac80211: do not permit 40 MHz EHT operation on 5/6 GHz 2025-09-09 19:02:31 +02:00
rust rust: mm: mark VmaNew as transparent 2025-09-09 19:02:29 +02:00
samples samples/damon/mtier: support boot time enable setup 2025-08-20 18:41:35 +02:00
scripts kasan: fix GCC mem-intrinsic prefix with sw tags 2025-09-09 19:02:30 +02:00
security apparmor: Fix 8-byte alignment for initial dfa blob streams 2025-08-28 16:34:16 +02:00
sound ALSA: usb-audio: Add mute TLV for playback volumes on some devices 2025-09-09 19:02:28 +02:00
tools selftest: net: Fix weird setsockopt() in bind_bhash.c. 2025-09-09 19:02:28 +02:00
usr
virt
.clang-format
.clippy.toml
.cocciconfig
.editorconfig
.get_maintainer.ignore
.gitattributes
.gitignore
.mailmap
.pylintrc
.rustfmt.toml
COPYING
CREDITS
Kbuild
Kconfig
MAINTAINERS
Makefile Linux 6.16.5 2025-09-04 16:55:53 +02:00
README

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the reStructuredText markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result from upgrading your kernel.