Sometimes irda_getsockopt() doesn't initialize all members of list field of irda_device_list struct. This structure is then copied to userland. It leads to leaking of contents of kernel stack memory.
2 net/irda/af_irda.c @@ -2248,6 +2248,8 @@ static int irda_getsockopt(struct socket *sock, int level, int optname, err = -EINVAL; goto out; } + + memset( &list, 0, sizeof(struct irda_device_list) ); /* Ask lmp for the current discovery log */ discoveries = irlmp_get_discoveries(&list.len, self->mask.word,
