| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 27 Jan 2016 16:59:57 +0900 From: Yuki Machida <machida.yuki@...fujitsu.com> To: Greg KH <gregkh@...uxfoundation.org> Cc: netdev@...r.kernel.org, Salva Peiró <speirofr@...il.com>, Hans Verkuil <hans.verkuil@...co.com>, Mauro Carvalho Chehab <mchehab@....samsung.com> Subject: Re: [PATCH 4.1] [media] media/vivid-osd: fix info leak in ioctl Hi Greg, On 2016年01月26日 02:18, Greg KH wrote: > On Mon, Jan 25, 2016 at 07:42:18PM +0900, Yuki Machida wrote: >> commit eda98796aff0d9bf41094b06811f5def3b4c333c upstream. >> >> The vivid_fb_ioctl() code fails to initialize the 16 _reserved bytes of >> struct fb_vblank after the ->hcount member. Add an explicit >> memset(0) before filling the structure to avoid the info leak. >> >> This fixes CVE-2015-7884. >> >> Signed-off-by: Salva Peiró <speirofr@...il.com> >> Signed-off-by: Hans Verkuil <hans.verkuil@...co.com> >> Signed-off-by: Mauro Carvalho Chehab <mchehab@....samsung.com> >> Signed-off-by: Yuki Machida <machida.yuki@...fujitsu.com> >> --- >> drivers/media/platform/vivid/vivid-osd.c | 1 + >> 1 file changed, 1 insertion(+) > > <formletter> > > This is not the correct way to submit patches for inclusion in the > stable kernel tree. Please read Documentation/stable_kernel_rules.txt > for how to do this properly. Thank you for your advice. I will check stable_kernel_rules.txt again. > </formletter> >
Powered by blists - more mailing lists