oss-sec mailing list archives
Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE
From: Dan Carpenter <dan.carpenter () oracle com>
Date: Mon, 8 Apr 2013 16:49:30 +0300
On Mon, Apr 08, 2013 at 06:30:02PM +0530, P J P wrote:
Hi, +-- On Fri, 5 Apr 2013, Marcus Meissner wrote --+ | Should also get a CVE. | https://github.com/torvalds/linux/commit/12176503366885edd542389eed3aaf94be163fdb Comments around get_user() macro say that in case of an error, destination variable @x is set to zero. -> https://github.com/torvalds/linux/blob/master/arch/x86/include/asm/uaccess.h#L134 Just to confirm, is it the same macro that is called from fs/compat_ioctl.c ?
The x86 verion is ok but asm-generic version of get_user() doesn't clear x. include/asm-generic/uaccess.h 226 #define get_user(x, ptr) \ 227 ({ \ 228 might_sleep(); \ 229 access_ok(VERIFY_READ, ptr, sizeof(*ptr)) ? \ 230 __get_user(x, ptr) : \ 231 -EFAULT; \ 232 }) regards, dan carpenter
Current thread:
- CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE Marcus Meissner (Apr 05)
- Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE Kurt Seifried (Apr 05)
- Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE P J P (Apr 08)
- Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE Dan Carpenter (Apr 08)
- Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE P J P (Apr 08)
- Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE Dan Carpenter (Apr 08)
- Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE Dan Carpenter (Apr 08)
- Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE P J P (Apr 08)
- Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE P J P (Apr 08)
- Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE P J P (Apr 08)
- Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE Dan Carpenter (Apr 08)
- Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE P J P (Apr 09)
- Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE Dan Carpenter (Apr 08)