On Mon, Jan 25, 2016 at 07:42:18PM +0900, Yuki Machida wrote: > commit eda98796aff0d9bf41094b06811f5def3b4c333c upstream. > > The vivid_fb_ioctl() code fails to initialize the 16 _reserved bytes of > struct fb_vblank after the ->hcount member. Add an explicit > memset(0) before filling the structure to avoid the info leak. > > This fixes CVE-2015-7884. > > Signed-off-by: Salva Peiró <speir...@gmail.com> > Signed-off-by: Hans Verkuil <hans.verk...@cisco.com> > Signed-off-by: Mauro Carvalho Chehab <mche...@osg.samsung.com> > Signed-off-by: Yuki Machida <machida.y...@jp.fujitsu.com> > --- > drivers/media/platform/vivid/vivid-osd.c | 1 + > 1 file changed, 1 insertion(+)
<formletter> This is not the correct way to submit patches for inclusion in the stable kernel tree. Please read Documentation/stable_kernel_rules.txt for how to do this properly. </formletter>
