58f09e00ae
The arg64 struct has a hole after ->buf_size which isn't cleared. Or if any of the calls to copy_from_user() fail then that would cause an information leak as well. This was assigned CVE-2013-2147. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Acked-by: Mike Miller <mike.miller@hp.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|---|---|---|
| .. | ||
| aoe | ||
| drbd | ||
| mtip32xx | ||
| paride | ||
| rsxx | ||
| xen-blkback | ||
| amiflop.c | ||
| ataflop.c | ||
| brd.c | ||
| cciss_cmd.h | ||
| cciss_scsi.c | ||
| cciss_scsi.h | ||
| cciss.c | ||
| cciss.h | ||
| cpqarray.c | ||
| cpqarray.h | ||
| cryptoloop.c | ||
| DAC960.c | ||
| DAC960.h | ||
| floppy.c | ||
| hd.c | ||
| ida_cmd.h | ||
| ida_ioctl.h | ||
| Kconfig | ||
| loop.c | ||
| loop.h | ||
| Makefile | ||
| mg_disk.c | ||
| nbd.c | ||
| nvme-core.c | ||
| nvme-scsi.c | ||
| osdblk.c | ||
| pktcdvd.c | ||
| ps3disk.c | ||
| ps3vram.c | ||
| rbd_types.h | ||
| rbd.c | ||
| smart1,2.h | ||
| sunvdc.c | ||
| swim3.c | ||
| swim_asm.S | ||
| swim.c | ||
| sx8.c | ||
| umem.c | ||
| umem.h | ||
| virtio_blk.c | ||
| xen-blkfront.c | ||
| xsysace.c | ||
| z2ram.c | ||