This is a note to let you know that I've just added the patch titled
usb: misc: sisusbvga: fix information leak to userland
to the 2.6.36-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
usb-misc-sisusbvga-fix-information-leak-to-userland.patch
and it can be found in the queue-2.6.36 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <[email protected]> know about it.
>From 5dc92cf1d0b4b0debbd2e333b83f9746c103533d Mon Sep 17 00:00:00 2001
From: Vasiliy Kulikov <[email protected]>
Date: Sat, 6 Nov 2010 17:41:35 +0300
Subject: usb: misc: sisusbvga: fix information leak to userland
From: Vasiliy Kulikov <[email protected]>
commit 5dc92cf1d0b4b0debbd2e333b83f9746c103533d upstream.
Structure sisusb_info is copied to userland with "sisusb_reserved" field
uninitialized. It leads to leaking of contents of kernel stack memory.
Signed-off-by: Vasiliy Kulikov <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/usb/misc/sisusbvga/sisusb.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/usb/misc/sisusbvga/sisusb.c
+++ b/drivers/usb/misc/sisusbvga/sisusb.c
@@ -3008,6 +3008,7 @@ sisusb_ioctl(struct file *file, unsigned
#else
x.sisusb_conactive = 0;
#endif
+ memset(x.sisusb_reserved, 0, sizeof(x.sisusb_reserved));
if (copy_to_user((void __user *)arg, &x, sizeof(x)))
retval = -EFAULT;
Patches currently in stable-queue which might be from [email protected] are
queue-2.6.36/kvm-x86-fix-information-leak-to-userland.patch
queue-2.6.36/usb-misc-sisusbvga-fix-information-leak-to-userland.patch
queue-2.6.36/usb-misc-iowarrior-fix-information-leak-to-userland.patch
queue-2.6.36/ipc-shm-fix-information-leak-to-userland.patch
queue-2.6.36/usb-core-fix-information-leak-to-userland.patch
_______________________________________________
stable mailing list
[email protected]
http://linux.kernel.org/mailman/listinfo/stable
