rpms/kernel
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
dcba3e47ae
kernel/via-ioctl-prevent-reading-uninit-memory.patch

34 lines
1.1 KiB
Diff
Raw Normal View History

clear memory in viafb ioctl (CVE-2010-4082)
2010-11-23 17:14:16 +00:00
From aaa3e9152f27f6cd83c074d7dc99e79897ac8c20 Mon Sep 17 00:00:00 2001
From: Dan Rosenberg <drosenberg@vsecurity.com>
Date: Wed, 15 Sep 2010 19:08:24 -0400
Subject: [PATCH] drivers/video/via/ioctl.c: prevent reading uninitialized stack memory
The VIAFB_GET_INFO device ioctl allows unprivileged users to read 246
bytes of uninitialized stack memory, because the "reserved" member of
the viafb_ioctl_info struct declared on the stack is not altered or
zeroed before being copied back to the user. This patch takes care of
it.
Signed-off-by: Dan Rosenberg <dan.j.rosenberg@gmail.com>
Signed-off-by: Florian Tobias Schandinat <FlorianSchandinat@gmx.de>
---
drivers/video/via/ioctl.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/drivers/video/via/ioctl.c b/drivers/video/via/ioctl.c
index da03c07..4d553d0 100644
--- a/drivers/video/via/ioctl.c
+++ b/drivers/video/via/ioctl.c
@@ -25,6 +25,8 @@ int viafb_ioctl_get_viafb_info(u_long arg)
{
struct viafb_ioctl_info viainfo;
+ memset(&viainfo, 0, sizeof(struct viafb_ioctl_info));
+
viainfo.viafb_id = VIAID;
viainfo.vendor_id = PCI_VIA_VENDOR_ID;
--
1.7.3.2
Reference in New Issue Copy Permalink