[Midnightbsd-cvs] src [7553] trunk/sys/dev/kbd/kbd.c: The atkbd(4) driver, together with the atkbdc(4) driver, provides access
laffer1 at midnightbsd.org
laffer1 at midnightbsd.org
Thu May 19 08:27:04 EDT 2016
Revision: 7553
http://svnweb.midnightbsd.org/src/?rev=7553
Author: laffer1
Date: 2016-05-19 08:27:03 -0400 (Thu, 19 May 2016)
Log Message:
-----------
The atkbd(4) driver, together with the atkbdc(4) driver, provides access
to the AT 84 keyboard or the AT enhanced keyboard which is connected to
the AT keyboard controller. The driver is required for the console driver
syscons(4) or vt(4). The driver exposes its own ioctl(2) interface to allow
it to be configured from userland through the kbdcontrol(1) utility.
Incorrect signedness comparison in the ioctl(2) handler allows a malicious
local user to overwrite a portion of the kernel memory.
A local user may crash the kernel, read a portion of kernel memory and
execute arbitrary code in kernel context. The result of executing an
arbitrary kernel code is privilege escalation.
Obtained from: FreeBSD
Modified Paths:
--------------
trunk/sys/dev/kbd/kbd.c
Modified: trunk/sys/dev/kbd/kbd.c
===================================================================
--- trunk/sys/dev/kbd/kbd.c 2016-05-05 08:10:29 UTC (rev 7552)
+++ trunk/sys/dev/kbd/kbd.c 2016-05-19 12:27:03 UTC (rev 7553)
@@ -996,7 +996,7 @@
splx(s);
return (error);
}
- kbd->kb_fkeytab[fkeyp->keynum].len = imin(fkeyp->flen, MAXFK);
+ kbd->kb_fkeytab[fkeyp->keynum].len = min(fkeyp->flen, MAXFK);
bcopy(fkeyp->keydef, kbd->kb_fkeytab[fkeyp->keynum].str,
kbd->kb_fkeytab[fkeyp->keynum].len);
break;
More information about the Midnightbsd-cvs
mailing list