On Wed, 13 Jul 2022 23:37:34 +0800, Ning Qiang wrote:
> In do_adb_query function of drivers/macintosh/adb.c, req->data is copied
> from userland. The parameter "req->data[2]" is missing a check, the
> array size of adb_handler[] is 16, so "adb_handler[
> req->data[2]].original_address" and "adb_handler[
> req->data[2]].handler_id" will lead to oob read.
>
>
> [...]

Applied to powerpc/next.

[1/1] macintosh:fix oob read in do_adb_query function
      https://git.kernel.org/powerpc/c/fd97e4ad6d3b0c9fce3bca8ea8e6969d9ce7423b

cheers
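
The bug class described in the quoted report, as an added user-space sketch (not the kernel's code and not the applied patch). The struct and function names are hypothetical, the table contents are constructed, and the `nbytes` length test is an assumption of this sketch.

```c
#include <stdint.h>
#include <string.h>

#define NHANDLERS 16                 /* size of adb_handler[] stated in the report */
/* Hypothetical stand-ins; only the fields named in the report are modelled. */
struct handler { uint8_t original_address, handler_id; };
struct request {
    uint8_t data[32];                /* untrusted bytes supplied by the caller */
    int     nbytes;                  /* how many of those bytes are valid */
    uint8_t reply[2];
};
static struct handler handlers[NHANDLERS] = { [7] = { 7, 0x42 } }; /* constructed */

/* The pattern from the report: data[2] indexes the table with no check,
 * so any value in 16..255 reads past the end of handlers[]. */
static int query_unchecked(struct request *req)
{
    req->reply[0] = handlers[req->data[2]].original_address;
    req->reply[1] = handlers[req->data[2]].handler_id;
    return 0;
}

/* Hardened form: validate the index before it is used. The nbytes test
 * (data[2] must actually have been supplied) is this sketch's assumption. */
static int query_checked(struct request *req)
{
    if (req->nbytes < 3 || req->data[2] >= NHANDLERS)
        return -1;                   /* reject; reply[] is left untouched */
    return query_unchecked(req);
}

/* Build a constructed request for one index and run it through the check. */
static int try_index(unsigned idx, int nbytes, uint8_t *out_id)
{
    struct request req = {0};
    req.data[2] = (uint8_t)idx;
    req.nbytes = nbytes;
    int rc = query_checked(&req);
    if (rc == 0 && out_id)
        *out_id = req.reply[1];
    return rc;
}

int main(void)
{
    uint8_t id = 0;
    return (try_index(7, 3, &id) == 0 && id == 0x42 &&
            try_index(16, 3, NULL) == -1 && try_index(200, 3, NULL) == -1) ? 0 : 1;
}
```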