Date: Wed, 11 Jul 2018 09:02:52 +0800 From: <zrlw@...a.com> To: "oss-security" <oss-security@...ts.openwall.com> Cc: "Solar Designer" <solar@...nwall.com> Subject: Re: mmap vulnerability in motion eye video4linux driver for Sony Vaio PictureBook yes, i found the pl and sent to the maintainer mchehab@...nel.org and linux-media mail list linux-media@...r.kernel.org last week, the last one boudanced me with something like 'Your address is not liked source for email' blah... i don't have Sony Vaio PictureBook, so i just check the souces and docs again. /usr/src/packages/BUILD/kernel-default-4.4.21/linux-4.4/Documentation/video4linux/v4l2-framework.txt: 'The v4l2_file_operations struct is a subset of file_operations. The main difference is that the inode argument is omitted since it is never used.' # ls /dev/video0crw-rw---- 1 root video 81, 0 Jul 11 08:14 /dev/video0 commit be83bbf80682 file_mmap_size_max check conditions:1. S_ISREG(inode->i_mode) 2. S_ISBLK(inode->i_mode)3. file->f_mode & FMODE_UNSIGNED_OFFSET I doubt which one will be true. ----- Original Message ----- From: Greg KH <greg@...ah.com> To: oss-security@...ts.openwall.com, zrlw@...a.com Cc: Solar Designer <solar@...nwall.com> Subject: Re: [oss-security] mmap vulnerability in motion eye video4linux driver for Sony Vaio PictureBook Date: 2018-07-10 21:41 On Sat, Jul 07, 2018 at 12:09:37AM +0800, zrlw@...a.com wrote: > I sent a email to the original authors which i found in the head of > meye.c, but i don't receive any response util now. Always use the scripts/get_maintainer.pl tool to find who to send stuff like this to. It will include a public mailing list or two. > I don't think > commit be83bbf80682 will work on this case, this driver derived from > v4l2-core which not use inode, maybe i'm wrong. I think you are wrong, but it would be great if you could test to verify it or not. thanks, greg k-h
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ