Headline
CVE-2020-0067
In f2fs_xattr_generic_list of xattr.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not required for exploitation.Product: Android. Versions: Android kernel. Android ID: A-120551147.
)]}’ { "commit": "688078e7f36c293dae25b338ddc9e0a2790f6e06", "tree": "bfdb73e559a913582cbd3eb33656710c403645cf", "parents": [ “9f701f6c772b15461843b92f9b41a0705e190a86” ], "author": { "name": "Randall Huang", "email": "[email protected]", "time": “Fri Oct 18 14:56:22 2019 +0800” }, "committer": { "name": "Jaegeuk Kim", "email": "[email protected]", "time": “Tue Oct 22 10:32:42 2019 -0700” }, "message": "f2fs: fix to avoid memory leakage in f2fs_listxattr\n\nIn f2fs_listxattr, there is no boundary check before\nmemcpy e_name to buffer.\nIf the e_name_len is corrupted,\nunexpected memory contents may be returned to the buffer.\n\nSigned-off-by: Randall Huang \[email protected]\u003e\nReviewed-by: Chao Yu \[email protected]\u003e\nSigned-off-by: Jaegeuk Kim \[email protected]\u003e\n", "tree_diff": [ { "type": "modify", "old_id": "181900af2576ba535042642856b8485a9b667ad6", "old_mode": 33188, "old_path": "fs/f2fs/xattr.c", "new_id": "296b3189448a466c2177ace3d0423f1f31f2162b", "new_mode": 33188, "new_path": “fs/f2fs/xattr.c” } ] }