Re: CVE request - kernel: xfs infoleak

[Eugene Teo <eugene () redhat com>]

On 02/16/2011 04:41 PM, Eugene Teo wrote:
>  From Dan R0s3nbug5, "The FSGEOMETRY_V1 ioctl (and its compat
> equivalent) calls out to xfs_fs_geometry() with a version number of 3.
> This code path does not fill in the logsunit member of the passed
> xfs_fsop_geom_t, leading to the leaking of four bytes of uninitialized
> stack data to potentially unprivileged callers. Since all other members
> are filled in all code paths and there are no padding bytes in this
> structure, it's safe to avoid an expensive memset() in favor of just
> clearing this one field."
>
> https://patchwork.kernel.org/patch/555461/
> https://bugzilla.redhat.com/show_bug.cgi?id=677260

There's an issue with the patch, here's the fix to the fix:
http://www.spinics.net/lists/xfs/msg03801.html

Eugene
--
Eugene Teo / Red Hat Security Response Team