Please sign in to comment.
Remove the CDIOCREADSUBCHANNEL_SYSSPACE ioctl.
This was added for emulation of Linux's CDROMSUBCHNL, but allows users with read access to a cd(4) device to overwrite kernel memory provided that the driver detects some media present. Reimplement CDROMSUBCHNL by bouncing the data from CDIOCREADSUBCHANNEL through the linux_cdrom_subchnl structure passed from userspace. admbugs: 768 Reported by: Alex Fortune Security: CVE-2019-5602 Security: FreeBSD-SA-19:11.cd_ioctl
- Loading branch information...
Showing with 17 additions and 24 deletions.