CVE Request: kernel info leak in tkill/tgkill

[Marcus Meissner <meissner () suse de>]

Hi,

This small Linux kernel info leaks still needs a CVE I think.

b9e146d8eb3b9ecae5086d373b50fa0c1f3e7f0f
Author: Emese Revfy <re.emese () gmail com>
Date:   Wed Apr 17 15:58:36 2013 -0700

    kernel/signal.c: stop info leak via the tkill and the tgkill syscalls

    This fixes a kernel memory contents leak via the tkill and tgkill syscalls
    for compat processes.

    This is visible in the siginfo_t->_sifields._rt.si_sigval.sival_ptr field
    when handling signals delivered from tkill.

    The place of the infoleak:

    int copy_siginfo_to_user32(compat_siginfo_t __user *to, siginfo_t *from)
    {
            ...
            put_user_ex(ptr_to_compat(from->si_ptr), &to->si_ptr);
            ...
    }

    Signed-off-by: Emese Revfy <re.emese () gmail com>
    Reviewed-by: PaX Team <pageexec () freemail hu>
    Signed-off-by: Kees Cook <keescook () chromium org>
    Cc: Al Viro <viro () zeniv linux org uk>
    Cc: Oleg Nesterov <oleg () redhat com>
    Cc: "Eric W. Biederman" <ebiederm () xmission com>
    Cc: Serge Hallyn <serge.hallyn () canonical com>
    Cc: <stable () vger kernel org>
    Signed-off-by: Andrew Morton <akpm () linux-foundation org>
    Signed-off-by: Linus Torvalds <torvalds () linux-foundation org>