| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250724210451.108177-1-contact@arnaud-lcm.com>
Date: Thu, 24 Jul 2025 22:04:51 +0100
From: Arnaud Lecomte <contact@...aud-lcm.com>
To: abbotti@....co.uk,
hsweeten@...ionengravers.com,
gregkh@...uxfoundation.org,
syzbot+a5e45f768aab5892da5d@...kaller.appspotmail.com
Cc: contact@...aud-lcm.com,
jannh@...gle.com,
linux-kernel@...r.kernel.org,
syzkaller-bugs@...glegroups.com
Subject: [PATCH] comedi: zero-init data in do_insn_ioctl
KMSAN reported a kernel-infoleak when copying instruction data back to
userspace in do_insnlist_ioctl(). The issue occurs because allocated
memory buffers weren't properly initialized (not
zero initialized) before being copied to
userspace, potentially leaking kernel memory.
Reported-by: syzbot+a5e45f768aab5892da5d@...kaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=a5e45f768aab5892da5d
Tested-by: syzbot+a5e45f768aab5892da5d@...kaller.appspotmail.com
Signed-off-by: Arnaud Lecomte <contact@...aud-lcm.com>
---
drivers/comedi/comedi_fops.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/comedi/comedi_fops.c b/drivers/comedi/comedi_fops.c
index c83fd14dd7ad..15fee829d14c 100644
--- a/drivers/comedi/comedi_fops.c
+++ b/drivers/comedi/comedi_fops.c
@@ -1636,7 +1636,7 @@ static int do_insn_ioctl(struct comedi_device *dev,
n_data = MAX_SAMPLES;
}
- data = kmalloc_array(n_data, sizeof(unsigned int), GFP_KERNEL);
+ data = kcalloc(n_data, sizeof(unsigned int), GFP_KERNEL);
if (!data) {
ret = -ENOMEM;
goto error;
--
2.43.0
Powered by blists - more mailing lists