'[oss-security] Linux kernel: driver/video/fbdev/aty/atyfb_base.c: atyfb_ioctl() stack infoleak'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] Linux kernel: driver/video/fbdev/aty/atyfb_base.c: atyfb_ioctl() stack infoleak
From:       sohu0106 <sohu0106 () 126 ! com>
Date:       2017-07-30 4:49:04
Message-ID: 40339054.1134.15d91d384bc.Coremail.sohu0106 () 126 ! com
[Download RAW message or body]

[Attachment #2 (text/plain)]

driver/video/fbdev/aty/atyfb_base.c

In atyfb_ioctl() structure atyclk is copied to userland with padding bytes after
"vclk_post_div" field unitialized.  It leads to leaking of
contents of kernel stack memory.  We have to initialize them to zero. or it will allows local \
users to obtain potentially sensitive information from kernel stack memory by reading a copy of \
this structure

https://github.com/torvalds/linux/pull/441

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic