Re: [PATCH 4.1] [media] media/vivid-osd: fix info leak in ioctl
Hi Greg, On 2016年01月26日 02:18, Greg KH wrote: On Mon, Jan 25, 2016 at 07:42:18PM +0900, Yuki Machida wrote: commit eda98796aff0d9bf41094b06811f5def3b4c333c upstream. The vivid_fb_ioctl() code fails to initialize the 16 _reserved bytes of struct fb_vblank after the ->hcount member. Add an explicit memset(0) before filling the structure to avoid the info leak. This fixes CVE-2015-7884. Signed-off-by: Salva PeiróSigned-off-by: Hans Verkuil Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Yuki Machida --- drivers/media/platform/vivid/vivid-osd.c | 1 + 1 file changed, 1 insertion(+) This is not the correct way to submit patches for inclusion in the stable kernel tree. Please read Documentation/stable_kernel_rules.txt for how to do this properly. Thank you for your advice. I will check stable_kernel_rules.txt again.
Re: [PATCH 4.1] [media] media/vivid-osd: fix info leak in ioctl
On Mon, Jan 25, 2016 at 07:42:18PM +0900, Yuki Machida wrote: > commit eda98796aff0d9bf41094b06811f5def3b4c333c upstream. > > The vivid_fb_ioctl() code fails to initialize the 16 _reserved bytes of > struct fb_vblank after the ->hcount member. Add an explicit > memset(0) before filling the structure to avoid the info leak. > > This fixes CVE-2015-7884. > > Signed-off-by: Salva Peiró> Signed-off-by: Hans Verkuil > Signed-off-by: Mauro Carvalho Chehab > Signed-off-by: Yuki Machida > --- > drivers/media/platform/vivid/vivid-osd.c | 1 + > 1 file changed, 1 insertion(+) This is not the correct way to submit patches for inclusion in the stable kernel tree. Please read Documentation/stable_kernel_rules.txt for how to do this properly.
Re: [PATCH 4.1] [media] media/vivid-osd: fix info leak in ioctl
It has sent to the wrong Mainling List. sorry. On 2016年01月25日 19:42, Yuki Machida wrote: commit eda98796aff0d9bf41094b06811f5def3b4c333c upstream. The vivid_fb_ioctl() code fails to initialize the 16 _reserved bytes of struct fb_vblank after the ->hcount member. Add an explicit memset(0) before filling the structure to avoid the info leak. This fixes CVE-2015-7884. Signed-off-by: Salva PeiróSigned-off-by: Hans Verkuil Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Yuki Machida --- drivers/media/platform/vivid/vivid-osd.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/media/platform/vivid/vivid-osd.c b/drivers/media/platform/vivid/vivid-osd.c index 084d346..e15eef6 100644 --- a/drivers/media/platform/vivid/vivid-osd.c +++ b/drivers/media/platform/vivid/vivid-osd.c @@ -85,6 +85,7 @@ static int vivid_fb_ioctl(struct fb_info *info, unsigned cmd, unsigned long arg) case FBIOGET_VBLANK: { struct fb_vblank vblank; + memset(, 0, sizeof(vblank)); vblank.flags = FB_VBLANK_HAVE_COUNT | FB_VBLANK_HAVE_VCOUNT | FB_VBLANK_HAVE_VSYNC; vblank.count = 0;
[PATCH 4.1] [media] media/vivid-osd: fix info leak in ioctl
commit eda98796aff0d9bf41094b06811f5def3b4c333c upstream. The vivid_fb_ioctl() code fails to initialize the 16 _reserved bytes of struct fb_vblank after the ->hcount member. Add an explicit memset(0) before filling the structure to avoid the info leak. This fixes CVE-2015-7884. Signed-off-by: Salva PeiróSigned-off-by: Hans Verkuil Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Yuki Machida --- drivers/media/platform/vivid/vivid-osd.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/media/platform/vivid/vivid-osd.c b/drivers/media/platform/vivid/vivid-osd.c index 084d346..e15eef6 100644 --- a/drivers/media/platform/vivid/vivid-osd.c +++ b/drivers/media/platform/vivid/vivid-osd.c @@ -85,6 +85,7 @@ static int vivid_fb_ioctl(struct fb_info *info, unsigned cmd, unsigned long arg) case FBIOGET_VBLANK: { struct fb_vblank vblank; + memset(, 0, sizeof(vblank)); vblank.flags = FB_VBLANK_HAVE_COUNT | FB_VBLANK_HAVE_VCOUNT | FB_VBLANK_HAVE_VSYNC; vblank.count = 0; -- 1.9.1