Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / b9f0aee83335db1f3915f4e42a5e21b351740afd
commitb9f0aee83335db1f3915f4e42a5e21b351740afd[log] [tgz]
authorDave Airlie <airlied@redhat.com>Tue Aug 17 14:46:00 2010 +1000
committerDave Airlie <airlied@redhat.com>Tue Aug 17 14:51:45 2010 +1000
tree3328b6503f7852868f642263dfa8a3decc487a1e
parent31ce4bfdfd10bf5db9bf85c92bbe0cf2edbdcad8 [diff]
drm: stop information leak of old kernel stack.

non-critical issue, CVE-2010-2803

Userspace controls the amount of memory to be allocate, so it can
get the ioctl to allocate more memory than the kernel uses, and get
access to kernel stack. This can only be done for processes authenticated
to the X server for DRI access, and if the user has DRI access.

Fix is to just memset the data to 0 if the user doesn't copy into
it in the first place.

Reported-by: Kees Cook <kees@ubuntu.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
1 file changed
tree: 3328b6503f7852868f642263dfa8a3decc487a1e
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. MAINTAINERS
  28. Makefile
  29. README
  30. REPORTING-BUGS