lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 25 Mar 2015 09:33:53 +0100
From:	Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:	Alexander Holler <holler@...oftware.de>
Cc:	linux-kernel@...r.kernel.org, stable@...r.kernel.org,
	Al Viro <viro@...iv.linux.org.uk>
Subject: Re: [PATCH 3.19 091/123] gadgetfs: use-after-free in ->aio_read()

On Tue, Mar 24, 2015 at 07:06:56PM +0100, Alexander Holler wrote:
> Am 24.03.2015 um 18:58 schrieb Greg Kroah-Hartman:
> >On Tue, Mar 24, 2015 at 06:30:17PM +0100, Alexander Holler wrote:
> >>Am 24.03.2015 um 16:46 schrieb Greg Kroah-Hartman:
> >>>3.19-stable review patch.  If anyone has any objections, please let me know.
> >>>
> >>>------------------
> >>>
> >>>From: Al Viro <viro@...iv.linux.org.uk>
> >>>
> >>>commit f01d35a15fa04162a58b95970fc01fa70ec9dacd upstream.
> >>
> >>Just what I've thought. Please see
> >>
> >>https://lkml.org/lkml/2015/3/15/5
> >
> >I have no idea what you are asking me to do here, please be specific.
> 
> In order to not become blamed for mangling some language, here's a machine
> generated output:
> 
> ------
> wandq linux # git co -b t v3.19.2
> Switched to a new branch 't'
> wandq linux # git am /tmp/\[PATCH\ 3.19\ 091_123\]\ gadgetfs\:\
> use-after-free\ in\ -\>aio_read\(\).eml
> Applying: gadgetfs: use-after-free in ->aio_read()
> wandq linux # make drivers/usb/gadget/legacy/gadgetfs.ko
> (...)
>   CALL    scripts/checksyscalls.sh
>   CC [M]  drivers/usb/gadget/legacy/inode.o
> drivers/usb/gadget/legacy/inode.c: In function 'ep_aio_rwtail':
> drivers/usb/gadget/legacy/inode.c:642:12: warning: 'value' may be used
> uninitialized in this function [-Wmaybe-uninitialized]
>   ssize_t   value;
>             ^
>   LD [M]  drivers/usb/gadget/legacy/gadgetfs.o
> (...)
> ------

Is there a specific patch that is in Linus's tree that fixes this issue
that I should be applying to the stable tree?

thanks,

greg k-h
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ