]> www.infradead.org Git - users/jedix/linux-maple.git/commit
projects / users / jedix / linux-maple.git / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: b7f7603) | patch
USB: usbfs: fix potential infoleak in devio
authorKangjie Lu <kangjielu@gmail.com>
Tue, 3 May 2016 20:32:16 +0000 (16:32 -0400)
committerChuck Anderson <chuck.anderson@oracle.com>
Tue, 7 Feb 2017 03:58:11 +0000 (19:58 -0800)
commit6a43f99d3819ca5829a16bc95ef982b225597e47
treec715ca70434c0a387d112438f5798d3e4a352803tree
parentb7f76031ab30c8ece667abc414b42139896e8e9ecommit | diff
USB: usbfs: fix potential infoleak in devio

Orabug: 23267548
CVE: CVE-2016-4482

The stack object “ci” has a total size of 8 bytes. Its last 3 bytes
are padding bytes which are not initialized and leaked to userland
via “copy_to_user”.

Signed-off-by: Kangjie Lu <kjlu@gatech.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 681fef8380eb818c0b845fca5d2ab1dcbab114ee)
Signed-off-by: Somasundaram Krishnasamy <somasundaram.krishnasamy@oracle.com>
Reviewed-by: Jack Vogel <jack.vogel@oracle.com>
drivers/usb/core/devio.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.