This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag 'verification-needed-
zesty' to 'verification-done-zesty'. If the problem still exists, change
the tag 'verification-needed-zesty' to 'verification-failed-zesty'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on
how to enable and use -proposed. Thank you!


** Tags added: verification-needed-zesty

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1700077

Title:
  aacraid driver may return uninitialized stack data to userspace

Status in linux package in Ubuntu:
  Fix Committed
Status in linux source package in Zesty:
  Fix Committed

Bug description:
  SRU Justification

  Impact: Recent aacraid backports introduce potential information
  leaks, where some stack allocated memory may be copied to userspace
  without initialization.

  Fix: Clear out the affected memory before using it to ensure that none
  is left uninitialized.

  Test Case: None. Code review should be sufficient to validate the
  changes.

  Regression Potential: Negligible. The patch simply memsets some
  structs to clear them out prior to any other use.

  ---

  aac_send_raw_srb() and aac_get_hba_info() both copy the contents of
  stack variables to userspace when some of this memory may be
  uninitialized. The memory should be zeroed out initially to prevent
  this.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1700077/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp
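
The pattern described in the bug above (a stack struct only partly filled before being copied to userspace, and the memset fix), as an added user-space C model that is not the aacraid code or the actual patch. `struct hba_reply`, the `reply_*` functions and the 0xA5 marker are hypothetical, and `memcpy` stands in for `copy_to_user()`.

```c
#include <stdint.h>
#include <string.h>

#define STALE 0xA5  /* constructed marker standing in for old stack contents */

/* Hypothetical reply layout for illustration; not the aacraid structure. */
struct hba_reply {
    uint32_t adapter_number;
    uint8_t  bus;           /* compiler inserts padding after this member */
    uint32_t device;
    uint32_t reserved[4];   /* this code path never assigns it */
};

static void fill_fields(struct hba_reply *r)
{
    r->adapter_number = 1;
    r->bus = 2;
    r->device = 3;
}

/* Pre-fix pattern: partial fill, then the whole struct is copied out. */
void reply_unfixed(struct hba_reply *slot, unsigned char *user_buf)
{
    fill_fields(slot);
    memcpy(user_buf, slot, sizeof(*slot));  /* stands in for copy_to_user() */
}

/* The fix: zero the whole object before any other use. */
void reply_fixed(struct hba_reply *slot, unsigned char *user_buf)
{
    memset(slot, 0, sizeof(*slot));
    fill_fields(slot);
    memcpy(user_buf, slot, sizeof(*slot));
}

/* Run a variant on a slot pre-filled with STALE; count marker bytes copied out. */
size_t leaked(void (*variant)(struct hba_reply *, unsigned char *))
{
    struct hba_reply slot;
    unsigned char user_buf[sizeof(slot)];
    size_t hits = 0;
    memset(&slot, STALE, sizeof(slot));     /* simulate a dirty stack frame */
    variant(&slot, user_buf);
    for (size_t i = 0; i < sizeof(user_buf); i++)
        hits += (user_buf[i] == STALE);
    return hits;
}

/* Exit status 0 means the zeroed variant copied out no stale bytes. */
int main(void) { return leaked(reply_fixed) != 0; }
```

Assigning every named member is not enough on its own: the never-assigned `reserved` array and the padding after `bus` both travel with a whole-struct copy, which is why the fix clears the entire object first.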
