From: Young_X Date: Wed, 3 Oct 2018 12:54:29 +0000 (+0000) Subject: cdrom: fix improper type cast, which can leat to information leak. X-Git-Tag: v5.15~7818^2~113 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=e4f3aa2e1e67bb48dfbaaf1cad59013d5a5bc276;p=platform%2Fkernel%2Flinux-starfive.git cdrom: fix improper type cast, which can leat to information leak. There is another cast from unsigned long to int which causes a bounds check to fail with specially crafted input. The value is then used as an index in the slot array in cdrom_slot_status(). This issue is similar to CVE-2018-16658 and CVE-2018-10940. Signed-off-by: Young_X Signed-off-by: Jens Axboe --- diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c index a5d5a96479bf..10802d1fc554 100644 --- a/drivers/cdrom/cdrom.c +++ b/drivers/cdrom/cdrom.c @@ -2445,7 +2445,7 @@ static int cdrom_ioctl_select_disc(struct cdrom_device_info *cdi, return -ENOSYS; if (arg != CDSL_CURRENT && arg != CDSL_NONE) { - if ((int)arg >= cdi->capacity) + if (arg >= cdi->capacity) return -EINVAL; }