[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE Request: Linux kernel information leak in event device handling
From: Moritz Muehlenhoff <jmm () debian ! org>
Date: 2015-02-24 22:11:47
Message-ID: 20150224221147.GA20304 () pisco ! westfalen ! local
[Download RAW message or body]
On Tue, Jan 20, 2015 at 03:43:00PM +0100, Marcus Meissner wrote:
> Hi,
>
> This needs a CVE, information leak out of the kernel.
>
> This probably was introduced by commit 483180281f0ac60d1138710eb21f4b9961901294
> in Linux 3.9.
>
> Ciao, Marcus
>
> http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7c4f56070fde2367766fa1fb04852599b5e1ad35
> https://bugzilla.suse.com/show_bug.cgi?id=904899
>
> Input: evdev - fix EVIOCG{type} ioctl
>
> The 'max' size passed into the function is measured in number of bits
> (KEY_MAX, LED_MAX, etc) so we need to convert it accordingly before
> trying to copy the data out, otherwise we will try copying too much
> and end up with up with a page fault.
>
> Reported-by: Pavel Machek <pavel@ucw.cz>
> Reviewed-by: Pavel Machek <pavel@ucw.cz>
> Reviewed-by: David Herrmann <dh.herrmann@gmail.com>
> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
This seems to have fallen through the cracks, explicitly adding
cve-assign to CC.
Cheers,
Moritz
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic