The following issues were found

mm/memory.c
2 issues
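access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Reviewer note: this rule targets the access() file-permission check, but the token flagged in the excerpt is the `access` member of `vma->vm_ops`, which is tested for non-NULL and then called as `access(vma, addr, buf, len, write)`. No file path is involved, so the CWE-362/367 check-then-use pattern described here does not apply and the match appears to be a name-only false positive.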
Security

Line: 5137 Column: 36 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

              			vma = vma_lookup(mm, addr);
			if (!vma)
				break;
			if (vma->vm_ops && vma->vm_ops->access)
				ret = vma->vm_ops->access(vma, addr, buf,
							  len, write);
			if (ret <= 0)
				break;
			bytes = ret;

            

Reported by FlawFinder.

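access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Reviewer note: the flagged token is again the `vma->vm_ops->access` callback shown in the excerpt, not the access() permission check on a path; this finding appears to be a name-only false positive and should be triaged as such rather than "fixed" with the suggestion below.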
Security

Line: 5138 Column: 24 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

              			if (!vma)
				break;
			if (vma->vm_ops && vma->vm_ops->access)
				ret = vma->vm_ops->access(vma, addr, buf,
							  len, write);
			if (ret <= 0)
				break;
			bytes = ret;
#endif

            

Reported by FlawFinder.

net/bridge/netfilter/nf_conntrack_bridge.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 132 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              static void br_skb_cb_save(struct sk_buff *skb, struct br_input_skb_cb *cb,
			   size_t inet_skb_parm_size)
{
	/*
	 * Copy the first sizeof(*cb) bytes of skb->cb into *cb, then zero
	 * the first inet_skb_parm_size bytes of skb->cb.
	 */

	/*
	 * The length is the size of the destination object, so this write
	 * cannot run past *cb as long as cb points at a full
	 * struct br_input_skb_cb.
	 * NOTE(review): the read side assumes skb->cb holds at least
	 * sizeof(*cb) bytes - confirm against the definition of
	 * struct sk_buff, which is not visible here.
	 */
	memcpy(cb, skb->cb, sizeof(*cb));
	/*
	 * NOTE(review): inet_skb_parm_size is supplied by the caller and is
	 * not checked in this function; it must not exceed sizeof(skb->cb).
	 * Verify at the call sites.
	 */
	memset(skb->cb, 0, inet_skb_parm_size);
}

static void br_skb_cb_restore(struct sk_buff *skb,
			      const struct br_input_skb_cb *cb,

            

Reported by FlawFinder.

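memcpy - Does not check for buffer overflows when copying to destination. Reviewer note: in this excerpt the destination is `skb->cb` and the length is `sizeof(*cb)`, so the copy stays in bounds only if `struct br_input_skb_cb` is no larger than `skb->cb`. That size relationship is not visible in the excerpt; confirm it holds, ideally enforced by a build-time assertion rather than by convention.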
Security

Line: 140 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              			      const struct br_input_skb_cb *cb,
			      u16 fragsz)
{
	memcpy(skb->cb, cb, sizeof(*cb));
	BR_INPUT_SKB_CB(skb)->frag_max_size = fragsz;
}

static unsigned int nf_ct_br_defrag4(struct sk_buff *skb,
				     const struct nf_hook_state *state)

            

Reported by FlawFinder.

include/uapi/linux/ip6_tunnel.h
2 issues
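char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues. Reviewer note: the flagged line only declares a fixed-size `name[IFNAMSIZ]` field in a parameter struct, and a declaration by itself cannot overflow. What needs review is the code that fills or reads `name` (not shown here): it should limit copies to IFNAMSIZ bytes and must not assume the field is NUL-terminated.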
Security

Line: 28 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              #define IP6_TNL_F_ALLOW_LOCAL_REMOTE 0x40

struct ip6_tnl_parm {
	char name[IFNAMSIZ];	/* name of tunnel device */
	int link;		/* ifindex of underlying L2 interface */
	__u8 proto;		/* tunnel protocol */
	__u8 encap_limit;	/* encapsulation limit for tunnel */
	__u8 hop_limit;		/* hop limit for tunnel */
	__be32 flowinfo;	/* traffic class and flowlabel for tunnel */

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 40 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              };

struct ip6_tnl_parm2 {
	char name[IFNAMSIZ];	/* name of tunnel device */
	int link;		/* ifindex of underlying L2 interface */
	__u8 proto;		/* tunnel protocol */
	__u8 encap_limit;	/* encapsulation limit for tunnel */
	__u8 hop_limit;		/* hop limit for tunnel */
	__be32 flowinfo;	/* traffic class and flowlabel for tunnel */

            

Reported by FlawFinder.

include/net/caif/cfctrl.h
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 77 Column: 4 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
		struct {
			u32 connid;	/* Connection ID used for RFM */
			char volume[20];	/* Volume to mount for RFM */
		} rfm;		/* Configuration for RFM */

		struct {
			u16 fifosize_kb;	/* Psock FIFO size in KB */
			u16 fifosize_bufs;	/* Psock # signal buffers */

            

Reported by FlawFinder.

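char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues. Reviewer note: besides the flagged `name[16]`, this struct pairs `u8 params[255]` with a `u16 paramlen`, and a u16 can hold values above 255. Code that uses this struct (not shown in the excerpt) should reject a `paramlen` larger than `sizeof(params)` before using it as a copy or index bound.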
Security

Line: 83 Column: 4 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              		struct {
			u16 fifosize_kb;	/* Psock FIFO size in KB */
			u16 fifosize_bufs;	/* Psock # signal buffers */
			char name[16];	/* Name of the PSOCK service */
			u8 params[255];	/* Link setup Parameters> */
			u16 paramlen;	/* Length of Link Setup
						 *   Parameters */
		} utility;	/* Configuration for Utility Links (Psock) */
	} u;

            

Reported by FlawFinder.

include/uapi/linux/netfilter/xt_SECMARK.h
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 20 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              struct xt_secmark_target_info {
	/* Holds a mode byte, a secid and a fixed-size secctx buffer. */
	__u8 mode;
	__u32 secid;
	/*
	 * Fixed-size buffer of SECMARK_SECCTX_MAX bytes.
	 * NOTE(review): the declaration itself is not an overflow. Confirm
	 * that the code consuming this struct (not visible here) bounds any
	 * copy into secctx and forces NUL termination before treating it as
	 * a string.
	 */
	char secctx[SECMARK_SECCTX_MAX];
};

struct xt_secmark_target_info_v1 {
	__u8 mode;
	char secctx[SECMARK_SECCTX_MAX];

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 25 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
/*
 * Holds a mode byte, a fixed-size secctx buffer and a secid, in that order.
 */
struct xt_secmark_target_info_v1 {
	__u8 mode;
	/*
	 * Fixed-size buffer of SECMARK_SECCTX_MAX bytes.
	 * NOTE(review): nothing in this declaration guarantees NUL
	 * termination; verify that consumers of the struct (not visible
	 * here) terminate and length-check secctx before string use.
	 */
	char secctx[SECMARK_SECCTX_MAX];
	__u32 secid;
};

#endif /*_XT_SECMARK_H_target */

            

Reported by FlawFinder.

include/uapi/linux/netfilter_arp/arpt_mangle.h
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 9 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              #define ARPT_MANGLE_ADDR_LEN_MAX sizeof(struct in_addr)
struct arpt_mangle
{
	char src_devaddr[ARPT_DEV_ADDR_LEN_MAX];
	char tgt_devaddr[ARPT_DEV_ADDR_LEN_MAX];
	union {
		struct in_addr src_ip;
	} u_s;
	union {

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 10 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              struct arpt_mangle
{
	char src_devaddr[ARPT_DEV_ADDR_LEN_MAX];
	char tgt_devaddr[ARPT_DEV_ADDR_LEN_MAX];
	union {
		struct in_addr src_ip;
	} u_s;
	union {
		struct in_addr tgt_ip;

            

Reported by FlawFinder.

kernel/ptrace.c
2 issues
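char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues. Reviewer note: the excerpt already bounds the write into `buf[128]`: each pass clamps the chunk with `this_len = (len > sizeof(buf)) ? sizeof(buf) : len;` before `buf` is passed on. The enclosing `while (len > 0)` guard matters too, because the comparison against `sizeof(buf)` is unsigned and would misbehave for a negative `len`.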
Security

Line: 609 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	int copied = 0;

	while (len > 0) {
		char buf[128];
		int this_len, retval;

		this_len = (len > sizeof(buf)) ? sizeof(buf) : len;
		retval = ptrace_access_vm(tsk, src, buf, this_len, FOLL_FORCE);


            

Reported by FlawFinder.

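char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues. Reviewer note: in this excerpt `copy_from_user(buf, src, this_len)` is called only after `this_len` has been clamped to `sizeof(buf)` inside `while (len > 0)`, so the visible code already performs the bounds check this rule asks for.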
Security

Line: 635 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	int copied = 0;

	while (len > 0) {
		char buf[128];
		int this_len, retval;

		this_len = (len > sizeof(buf)) ? sizeof(buf) : len;
		if (copy_from_user(buf, src, this_len))
			return -EFAULT;

            

Reported by FlawFinder.

net/mac80211/he.c
2 issues
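memcpy - Does not check for buffer overflows when copying to destination. Reviewer note: these copies read from `he_cap_ie` at offsets built from `sizeof(he_cap->he_cap_elem)`, `mcs_nss_size` and `he_ppe_size`. They are safe only if the element's length was validated against the sum of those sizes and each destination field is at least as large as the length copied into it. That validation is not in the excerpt and is the thing to confirm when triaging both findings in this file.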
Security

Line: 144 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	memcpy(&he_cap->he_cap_elem, he_cap_ie, sizeof(he_cap->he_cap_elem));

	/* HE Tx/Rx HE MCS NSS Support Field */
	memcpy(&he_cap->he_mcs_nss_supp,
	       &he_cap_ie[sizeof(he_cap->he_cap_elem)], mcs_nss_size);

	/* Check if there are (optional) PPE Thresholds */
	if (he_cap->he_cap_elem.phy_cap_info[6] &
	    IEEE80211_HE_PHY_CAP6_PPE_THRESHOLD_PRESENT)

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 150 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	/* Check if there are (optional) PPE Thresholds */
	if (he_cap->he_cap_elem.phy_cap_info[6] &
	    IEEE80211_HE_PHY_CAP6_PPE_THRESHOLD_PRESENT)
		memcpy(he_cap->ppe_thres,
		       &he_cap_ie[sizeof(he_cap->he_cap_elem) + mcs_nss_size],
		       he_ppe_size);

	he_cap->has_he = true;


            

Reported by FlawFinder.

include/net/bond_3ad.h
2 issues
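system - This causes a new program to execute and is difficult to use safely. Reviewer note: the flagged token in the excerpt is a struct member declaration, `struct mac_addr system;`, not a call to system(). No program is executed, so CWE-78 does not apply and the match appears to be a name-only false positive.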
Security

Line: 199 Column: 18 CWE codes: 78
Suggestion: try using a library call that implements the same functionality if available

              } aggregator_t;

struct port_params {
	struct mac_addr system;
	u16 system_priority;
	u16 key;
	u16 port_number;
	u16 port_priority;
	u16 port_state;

            

Reported by FlawFinder.

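system - This causes a new program to execute and is difficult to use safely. Reviewer note: as shown in the excerpt, `system` here is a member of type `struct ad_system` inside `struct ad_bond_info`; there is no system() call on the flagged line, so this finding appears to be a name-only false positive.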
Security

Line: 263 Column: 19 CWE codes: 78
Suggestion: try using a library call that implements the same functionality if available

              #define SLAVE_AD_INFO(slave) ((slave)->ad_info)

/*
 * NOTE(review): the member named `system` below is a data field of type
 * struct ad_system; this declaration contains no call to system() and
 * executes no program.
 */
struct ad_bond_info {
	struct ad_system system;	/* 802.3ad system structure */
	struct bond_3ad_stats stats;
	u32 agg_select_timer;		/* Timer to select aggregator after all adapter's hand shakes */
	u16 aggregator_identifier;
};


            

Reported by FlawFinder.

include/trace/events/i2c.h
2 issues
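memcpy - Does not check for buffer overflows when copying to destination. Reviewer note: the destination is the trace event's dynamic array (`__get_dynamic_array(buf)`) and the length is `msg->len`. The copy is in bounds if that array was declared with the same `msg->len`. The declaration is outside the excerpt, so confirm it there; the same applies to the second finding in this file.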
Security

Line: 42 Column: 10 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		       __entry->addr = msg->addr;
		       __entry->flags = msg->flags;
		       __entry->len = msg->len;
		       memcpy(__get_dynamic_array(buf), msg->buf, msg->len);
			      ),
	       TP_printk("i2c-%d #%u a=%03x f=%04x l=%u [%*phD]",
			 __entry->adapter_nr,
			 __entry->msg_nr,
			 __entry->addr,

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 106 Column: 10 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		       __entry->addr = msg->addr;
		       __entry->flags = msg->flags;
		       __entry->len = msg->len;
		       memcpy(__get_dynamic_array(buf), msg->buf, msg->len);
			      ),
	       TP_printk("i2c-%d #%u a=%03x f=%04x l=%u [%*phD]",
			 __entry->adapter_nr,
			 __entry->msg_nr,
			 __entry->addr,

            

Reported by FlawFinder.