Date: Tue, 24 Feb 2015 23:11:47 +0100
From: Moritz Muehlenhoff <>
Subject: Re: CVE Request: Linux kernel information leak in
 event device handling

On Tue, Jan 20, 2015 at 03:43:00PM +0100, Marcus Meissner wrote:
> Hi,
> This needs a CVE, information leak out of the kernel.
> This probably was introduced by commit 483180281f0ac60d1138710eb21f4b9961901294
> in Linux 3.9.
> Ciao, Marcus
> Input: evdev - fix EVIOCG{type} ioctl
> The 'max' size passed into the function is measured in number of bits
> (KEY_MAX, LED_MAX, etc) so we need to convert it accordingly before
> trying to copy the data out, otherwise we will try copying too much
> and end up with a page fault.
> Reported-by: Pavel Machek <>
> Reviewed-by: Pavel Machek <>
> Reviewed-by: David Herrmann <>
> Signed-off-by: Dmitry Torokhov <>

This seems to have fallen through the cracks, explicitly adding
cve-assign to CC.
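
The unit mismatch described in the quoted commit message, as an added user-space example that is not part of the original thread and is not the kernel's code: a limit such as KEY_MAX counts bits, so it has to be converted to a byte length before it bounds a copy. All function names are hypothetical, the 1024-byte caller buffer is a constructed value, and KEY_MAX is the value from the Linux input headers.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BITS_PER_LONG    (sizeof(unsigned long) * CHAR_BIT)
#define BITS_TO_LONGS(n) (((n) + BITS_PER_LONG - 1) / BITS_PER_LONG)
#define KEY_MAX 0x2ff /* a count of bits, not bytes */

/* Bytes that really back a bitmap declared to hold max_bits bits. */
size_t bitmap_bytes(size_t max_bits)
{
    return BITS_TO_LONGS(max_bits) * sizeof(unsigned long);
}

/* Unit mismatch (model): the bit count is used directly as a byte count. */
size_t copy_len_bits_as_bytes(size_t max_bits, size_t user_size)
{
    return max_bits < user_size ? max_bits : user_size;
}

/* Converted length: bits to bytes first, then clamp to the caller's buffer. */
size_t copy_len_converted(size_t max_bits, size_t user_size)
{
    size_t len = bitmap_bytes(max_bits);
    return len < user_size ? len : user_size;
}

/* Bytes past the end of the bitmap that a copy of copy_len would read. */
size_t bytes_past_bitmap(size_t max_bits, size_t copy_len)
{
    size_t have = bitmap_bytes(max_bits);
    return copy_len > have ? copy_len - have : 0;
}

/* Copy-out using the converted length; returns bytes written to dst. */
size_t bitmap_copy_out(const unsigned long *bits, size_t max_bits,
                       void *dst, size_t dst_size)
{
    size_t len = copy_len_converted(max_bits, dst_size);
    memcpy(dst, bits, len);
    return len;
}

int main(void)
{
    printf("bitmap bytes=%zu, past end with mismatch=%zu\n", bitmap_bytes(KEY_MAX),
           bytes_past_bitmap(KEY_MAX, copy_len_bits_as_bytes(KEY_MAX, 1024)));
    return 0;
}
```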

