The 2 commits that fix CVE-2013-2147 have been merged upstream but
have not been tagged for stable kernels.  They seem to be clean
cherry-picks for all the stable kernel trees.

Please consider picking the following commits for all the trees:

commit 627aad1c01da6f881e7f98d71fd928ca0c316b1a
Author: Dan Carpenter <[email protected]>
Date:   Tue Sep 24 15:27:44 2013 -0700

    cpqarray: fix info leak in ida_locked_ioctl()
    
    The pciinfo struct has a two byte hole after ->dev_fn so stack
    information could be leaked to the user.
    
    This was assigned CVE-2013-2147.
    
    Signed-off-by: Dan Carpenter <[email protected]>
    Acked-by: Mike Miller <[email protected]>
    Signed-off-by: Andrew Morton <[email protected]>
    Signed-off-by: Linus Torvalds <[email protected]>

commit 58f09e00ae095e46ef9edfcf3a5fd9ccdfad065e
Author: Dan Carpenter <[email protected]>
Date:   Tue Sep 24 15:27:45 2013 -0700

    cciss: fix info leak in cciss_ioctl32_passthru()
    
    The arg64 struct has a hole after ->buf_size which isn't cleared.  Or if
    any of the calls to copy_from_user() fail then that would cause an
    information leak as well.
    
    This was assigned CVE-2013-2147.
    
    Signed-off-by: Dan Carpenter <[email protected]>
    Acked-by: Mike Miller <[email protected]>
    Signed-off-by: Andrew Morton <[email protected]>
    Signed-off-by: Linus Torvalds <[email protected]>

Cheers,
-- 
Luis
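
The hole described in the first commit message, as an added example that is not part of the original mail or of the kernel patches: a user-space C model of a struct with a two-byte hole after `dev_fn`, showing that member-by-member stores leave the padding untouched and that clearing the whole object first removes the stale bytes. The struct layout, the sample values and the helper names `hole_len`, `build_reply` and `stale_bytes_copied` are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model, not the driver's header: two 1-byte members followed
 * by a 32-bit member, which gives the two-byte hole the commit describes. */
struct pciinfo_model {
    unsigned char bus;
    unsigned char dev_fn;
    uint32_t board_id;      /* aligned to 4, so 2 padding bytes precede it */
};

#define STALE 0xAA          /* stands in for leftover stack contents */

/* Bytes of compiler padding between dev_fn and board_id. */
size_t hole_len(void)
{
    return offsetof(struct pciinfo_model, board_id)
         - (offsetof(struct pciinfo_model, dev_fn) + sizeof(unsigned char));
}

/* Fill the reply the way a handler does: each member is stored on its own.
 * The stack slot is modelled as raw bytes so the outcome is deterministic.
 * zero_first selects the hardened form (clear the whole object first). */
static void build_reply(unsigned char *slot, int zero_first)
{
    unsigned char bus = 0, dev_fn = 0x08;      /* constructed sample values */
    uint32_t board_id = 0x12345678;

    if (zero_first)
        memset(slot, 0, sizeof(struct pciinfo_model));
    memcpy(slot + offsetof(struct pciinfo_model, bus), &bus, sizeof bus);
    memcpy(slot + offsetof(struct pciinfo_model, dev_fn), &dev_fn, sizeof dev_fn);
    memcpy(slot + offsetof(struct pciinfo_model, board_id), &board_id, sizeof board_id);
}

/* Count stale bytes that reach the caller when the whole object is copied
 * out, as a copy_to_user() of sizeof(struct) bytes would do. */
size_t stale_bytes_copied(int zero_first)
{
    unsigned char slot[sizeof(struct pciinfo_model)], user_buf[sizeof slot];
    size_t i, n = 0;

    memset(slot, STALE, sizeof slot);          /* previous frame's data */
    build_reply(slot, zero_first);
    memcpy(user_buf, slot, sizeof user_buf);   /* models the copy-out */
    for (i = 0; i < sizeof user_buf; i++)
        n += (user_buf[i] == STALE);
    return n;
}
```

Checking `hole_len()` against zero for every struct that is copied to user space is a cheap review step; a non-zero result means the object needs to be cleared before its members are filled in.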
