Headline
CVE-2020-0067
In f2fs_xattr_generic_list of xattr.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not required for exploitation.Product: Android. Versions: Android kernel. Android ID: A-120551147.
)]}’ { "commit": "688078e7f36c293dae25b338ddc9e0a2790f6e06", "tree": "bfdb73e559a913582cbd3eb33656710c403645cf", "parents": [ “9f701f6c772b15461843b92f9b41a0705e190a86” ], "author": { "name": "Randall Huang", "email": "huangrandall@google.com", "time": “Fri Oct 18 14:56:22 2019 +0800” }, "committer": { "name": "Jaegeuk Kim", "email": "jaegeuk@kernel.org", "time": “Tue Oct 22 10:32:42 2019 -0700” }, "message": "f2fs: fix to avoid memory leakage in f2fs_listxattr\n\nIn f2fs_listxattr, there is no boundary check before\nmemcpy e_name to buffer.\nIf the e_name_len is corrupted,\nunexpected memory contents may be returned to the buffer.\n\nSigned-off-by: Randall Huang \u003chuangrandall@google.com\u003e\nReviewed-by: Chao Yu \u003cyuchao0@huawei.com\u003e\nSigned-off-by: Jaegeuk Kim \u003cjaegeuk@kernel.org\u003e\n", "tree_diff": [ { "type": "modify", "old_id": "181900af2576ba535042642856b8485a9b667ad6", "old_mode": 33188, "old_path": "fs/f2fs/xattr.c", "new_id": "296b3189448a466c2177ace3d0423f1f31f2162b", "new_mode": 33188, "new_path": “fs/f2fs/xattr.c” } ] }