oss-sec mailing list archives

Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE

From: P J P <ppandit () redhat com>
Date: Mon, 8 Apr 2013 18:30:02 +0530 (IST)

  Hi,
+-- On Fri, 5 Apr 2013, Marcus Meissner wrote --+
| Should also get a CVE.
| https://github.com/torvalds/linux/commit/12176503366885edd542389eed3aaf94be163fdb

Comments around get_user() macro say that in case of an error, destination 
variable @x is set to zero.

 -> https://github.com/torvalds/linux/blob/master/arch/x86/include/asm/uaccess.h#L134

Just to confirm, is it the same macro that is called from fs/compat_ioctl.c ?

Thank you.
--
Prasad J Pandit / Red Hat Security Response Team
DB7A 84C5 D3F9 7CD1 B5EB  C939 D048 7860 3655 602B

Current thread:

CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE Marcus Meissner (Apr 05)
- Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE Kurt Seifried (Apr 05)
- Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE P J P (Apr 08)
  - Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE Dan Carpenter (Apr 08)
    - Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE P J P (Apr 08)
    - Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE Dan Carpenter (Apr 08)
    - Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE Dan Carpenter (Apr 08)
    - Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE P J P (Apr 08)
    - Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE P J P (Apr 08)
    - Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE P J P (Apr 08)
    - Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE Dan Carpenter (Apr 08)
    - Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE P J P (Apr 09)