oss-sec mailing list archives
CVE Request: Linux Kernel ioctl infoleaks on vivid-osd and dgnc
From: Salva Peiró <speirofr () gmail com>
Date: Wed, 21 Oct 2015 12:07:25 +0200
Hello, Are there CVEs for these? If not, could these be assigned, please? http://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/?id=eda98796aff0d9bf41094b06811f5def3b4c333c media/vivid-osd: fix info leak in ioctl [media] media/vivid-osd: fix info leak in ioctl The vivid_fb_ioctl() code fails to initialize the 16 _reserved bytes of struct fb_vblank after the ->hcount member. Add an explicit memset(0) before filling the structure to avoid the info leak. http://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/?id=4b6184336ebb5c8dc1eae7f7ab46ee608a748b05 staging/dgnc: fix info leak in ioctl The dgnc_mgmt_ioctl() code fails to initialize the 16 _reserved bytes of struct digi_dinfo after the ->dinfo_nboards member. Add an explicit memset(0) before filling the structure to avoid the info leak. -- Salva Peiró @ https://speirofr.appspot.com CS Researcher & Software Engineer Universitat Politècnica de València, Spain.
Current thread:
- CVE Request: Linux Kernel ioctl infoleaks on vivid-osd and dgnc Salva Peiró (Oct 21)
- Re: CVE Request: Linux Kernel ioctl infoleaks on vivid-osd and dgnc cve-assign (Oct 21)