lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 10 Mar 2017 11:46:10 +0000 From: Ben Hutchings <ben@...adent.org.uk> To: linux-kernel@...r.kernel.org, stable@...r.kernel.org CC: akpm@...ux-foundation.org, "Wolfram Sang" <wsa@...-dreams.de>, "Vlad Tsyrklevich" <vlad@...rklevich.net> Subject: [PATCH 3.2 112/199] i2c: fix kernel memory disclosure in dev interface 3.2.87-rc1 review patch. If anyone has any objections, please let me know. ------------------ From: Vlad Tsyrklevich <vlad@...rklevich.net> commit 30f939feaeee23e21391cfc7b484f012eb189c3c upstream. i2c_smbus_xfer() does not always fill an entire block, allowing kernel stack memory disclosure through the temp variable. Clear it before it's read to. Signed-off-by: Vlad Tsyrklevich <vlad@...rklevich.net> Signed-off-by: Wolfram Sang <wsa@...-dreams.de> Signed-off-by: Ben Hutchings <ben@...adent.org.uk> --- drivers/i2c/i2c-dev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/i2c/i2c-dev.c +++ b/drivers/i2c/i2c-dev.c @@ -310,7 +310,7 @@ static noinline int i2cdev_ioctl_smbus(s unsigned long arg) { struct i2c_smbus_ioctl_data data_arg; - union i2c_smbus_data temp; + union i2c_smbus_data temp = {}; int datasize, res; if (copy_from_user(&data_arg,
Powered by blists - more mailing lists