lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <592b793c.aa4f.15da866df61.Coremail.sohu0106@126.com>
Date:   Thu, 3 Aug 2017 22:01:40 +0800 (CST)
From:   sohu0106 <sohu0106@....com>
To:     linux-fbdev@...r.kernel.org
Cc:     linux-kernel@...r.kernel.org, torvalds@...ux-foundation.org
Subject: driver/video/fbdev/aty/atyfb_base.c: atyfb_ioctl() stack infoleak




driver/video/fbdev/aty/atyfb_base.c
In atyfb_ioctl() structure atyclk is copied to userland with padding bytes after "vclk_post_div" field unitialized.  It leads to leaking of contents of kernel stack memory.



3  drivers/video/fbdev/aty/atyfb_base.c
 @@ -1857,6 +1857,9 @@ static int atyfb_ioctl(struct fb_info *info, u_int cmd, u_long arg)
  		if (M64_HAS(INTEGRATED)) {
  			struct atyclk clk;
  			union aty_pll *pll = &par->pll;
 +			
 +			memset( &clk, 0, sizeof(struct atyclk) );
 +			
  			u32 dsp_config = pll->ct.dsp_config;
  			u32 dsp_on_off = pll->ct.dsp_on_off;
  			clk.ref_clk_per = par->ref_clk_per;


 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ