Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 20 Jan 2015 15:43:00 +0100
From: Marcus Meissner <meissner@...e.de>
To: OSS Security List <oss-security@...ts.openwall.com>
Subject: CVE Request: Linux kernel information leak in event device handling

Hi,

This needs a CVE, information leak out of the kernel.

This probably was introduced by commit 483180281f0ac60d1138710eb21f4b9961901294
in Linux 3.9.

Ciao, Marcus

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7c4f56070fde2367766fa1fb04852599b5e1ad35
https://bugzilla.suse.com/show_bug.cgi?id=904899

Input: evdev - fix EVIOCG{type} ioctl

The 'max' size passed into the function is measured in number of bits
(KEY_MAX, LED_MAX, etc) so we need to convert it accordingly before
trying to copy the data out, otherwise we will try copying too much
and end up with up with a page fault.

Reported-by: Pavel Machek <pavel@....cz>
Reviewed-by: Pavel Machek <pavel@....cz>
Reviewed-by: David Herrmann <dh.herrmann@...il.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@...il.com>


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ