Re: Linux kernel: net/irda/af_irda.c: irda_getsockopt() stack infoleak

[John Haxby <john.haxby () oracle com>]

On 30/07/17 05:47, sohu0106 wrote:
> net/irda/af_irda.c
>
> Sometimes irda_getsockopt() doesn't initialize all members of list field of irda_device_list struct.  This structure 
> is then copied to
> userland.  It leads to leaking of contents of kernel stack memory.  We have to initialize them to zero , or it will 
> allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this 
> structure
>
> https://github.com/torvalds/linux/pull/440

Have you requested a CVE for this?

jch