Date: Mon, 21 Sep 2015 14:45:13 -0400 From: Daniel Micay <danielmicay@...il.com> To: oss-security@...ts.openwall.com Subject: Re: Samsung S4 (GT-I9500) multiple kernel vulnerabilities > CVE-2015-1800 is prevented by the STRUCTLEAK GCC plugin. So I'm wrong about this part, as pipacs pointed out the __user marking is missing here, so it won't memset it in this case. The missing __user would be found by upstream's sparse tool or the PaX checker plugin though. The STRUCTLEAK plugin could also be extended to zero based on the copy_*_user calls, but that's probably not very useful since the missing __user markings could just be found via the existing tooling and fixed. Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.