oss-sec mailing list archives
kernel: fix minor infoleak in get_user_ex()
From: Shawn <citypw () gmail com>
Date: Thu, 3 Nov 2016 12:44:32 +0800
Hi guys, I suppose this bug should get a CVE number. Info: get_user_ex(x, ptr) should zero x on failure. It's not a lot of a leak (at most we are leaking uninitialized 64bit value off the kernel stack, and in a fairly constrained situation, at that), but the fix is trivial, so... Cc: stable () vger kernel org Signed-off-by: Al Viro <viro () zeniv linux org uk> [ This sat in different branch from the uaccess fixes since mid-August ] Signed-off-by: Linus Torvalds <torvalds () linux-foundation org> Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1c109fabbd51863475cd12ac206bdd249aee35af Impact: According to Spender: https://lwn.net/Articles/705264/ Mitigation: PaX/Grsecurity's KERNEXEC/UDEREF SMEP -- GNU powered it... GPL protect it... God blessing it... regards Shawn
Current thread:
- kernel: fix minor infoleak in get_user_ex() Shawn (Nov 03)
- Re: kernel: fix minor infoleak in get_user_ex() cve-assign (Nov 04)
- Re: Re: kernel: fix minor infoleak in get_user_ex() Moritz Muehlenhoff (Nov 07)
- Re: kernel: fix minor infoleak in get_user_ex() cve-assign (Nov 28)
- Re: Re: kernel: fix minor infoleak in get_user_ex() Moritz Muehlenhoff (Nov 07)
- Re: kernel: fix minor infoleak in get_user_ex() cve-assign (Nov 04)