oss-sec mailing list archives
CVE Request: Linux kernel information leak in event device handling
From: Marcus Meissner <meissner () suse de>
Date: Tue, 20 Jan 2015 15:43:00 +0100
Hi, This needs a CVE, information leak out of the kernel. This probably was introduced by commit 483180281f0ac60d1138710eb21f4b9961901294 in Linux 3.9. Ciao, Marcus http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7c4f56070fde2367766fa1fb04852599b5e1ad35 https://bugzilla.suse.com/show_bug.cgi?id=904899 Input: evdev - fix EVIOCG{type} ioctl The 'max' size passed into the function is measured in number of bits (KEY_MAX, LED_MAX, etc) so we need to convert it accordingly before trying to copy the data out, otherwise we will try copying too much and end up with up with a page fault. Reported-by: Pavel Machek <pavel () ucw cz> Reviewed-by: Pavel Machek <pavel () ucw cz> Reviewed-by: David Herrmann <dh.herrmann () gmail com> Signed-off-by: Dmitry Torokhov <dmitry.torokhov () gmail com>
Current thread:
- CVE Request: Linux kernel information leak in event device handling Marcus Meissner (Jan 20)
- RE: CVE Request: Linux kernel information leak in event device handling Mehaffey, John (Jan 20)
- Re: CVE Request: Linux kernel information leak in event device handling Petr Matousek (Jan 21)
- Re: CVE Request: Linux kernel information leak in event device handling Pavel Machek (Jan 21)
- Re: CVE Request: Linux kernel information leak in event device handling Petr Matousek (Jan 21)
- Re: CVE Request: Linux kernel information leak in event device handling Petr Matousek (Jan 21)
- RE: CVE Request: Linux kernel information leak in event device handling Mehaffey, John (Jan 20)
- Re: CVE Request: Linux kernel information leak in event device handling Moritz Muehlenhoff (Feb 24)