tag cd622aafb834a7391e2eedd6e77eb54bdc6a0639
tagger Todd Kjos <tkjos@google.com> Mon Dec 06 15:42:45 2021 -0800
object 10bef003d4b3295c3cef3d4babbf63f7bca4f0d2

https://source.android.com/security/bulletin/2021-12-01
CVE-2021-33909
CVE-2021-38204
CVE-2021-0961

commit 10bef003d4b3295c3cef3d4babbf63f7bca4f0d2
author Eric Sandeen <sandeen@redhat.com> Tue Jul 13 17:49:23 2021 +0200
committer Todd Kjos <tkjos@google.com> Mon Dec 06 13:20:38 2021 -0800
tree c892c05b3ec57b384f7c26465de1b2f6abec0992
parent fb01f2e8df210ec9cbb5050939b3205bef9f610f

seq_file: disallow extremely large seq buffer allocations

commit 8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b upstream.

There is no reasonable need for a buffer larger than this, and it avoids
int overflow pitfalls.

Fixes: 058504edd026 ("fs/seq_file: fallback to vmalloc allocation")
Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
Reported-by: Qualys Security Advisory <qsa@qualys.com>
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>