Bug 196575
| Summary: | drivers/s390/char/keyboard.c NULL pointer reference | ||
|---|---|---|---|
| Product: | Drivers | Reporter: | zhh (sohu0106) |
| Component: | Input Devices | Assignee: | drivers_input-devices |
| Status: | NEW --- | ||
| Severity: | normal | CC: | sohu0106 |
| Priority: | P1 | ||
| Hardware: | S390-64 | ||
| OS: | Linux | ||
| Kernel Version: | <=4.12.3 | Subsystem: | |
| Regression: | No | Bisected commit-id: | |
Local users able to send the NULL arg argument to kbd_ioctl(), which could cause kernel crash diff --git a/keyboard.c b/keyboard.c index ba0e4f9..3ec16b1 100644 --- a/keyboard.c +++ b/keyboard.c @@ -456,6 +456,8 @@ int kbd_ioctl(struct kbd_data *kbd, unsigned int cmd, unsigned long arg) int perm; argp = (void __user *)arg; + if( !argp ) + return -EFAULT; /* * To have permissions to do most of the vt ioctls, we either have