** Description changed: + SRU Justification + + Impact: Recent aacraid backports introduce potential information leaks, + where some stack allocated memory may be copied to userspace without + initialization. + + Fix: Clear out the affected memory before using it to ensure that none + is left uninitialized. + + Test Case: None. Code review should be sufficient to validate the + changes. + + Regression Potential: Negligible. The patch simply memsets some structs + to clear them out prior to any other use. + + --- + aac_send_raw_srb() and aac_get_hba_info() both copy the contents of stack variables to userspace when some of this memory may be uninitialized. The memory should be zeroed out initially to prevent this.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1700077 Title: aacraid driver may return uninitialized stack data to userspace To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1700077/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
