Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 13 Jun 2017 15:39:26 +1200
From: Murray McAllister <murray.mcallister@...omniasec.com>
To: oss-security@...ts.openwall.com
Subject: Linux kernel: drm/vmwgfx: 4 byte read of uninitialised kernel memory
 in vmw_gb_surface_define_ioctl()

The vmw_gb_surface_define_ioctl() function (accessible via
DRM_IOCTL_VMW_GB_SURFACE_CREATE) defines a backup_handle variable but
does not give it an initial value. If you attempt to create a GB
surface, and provide a previously-allocated DMA buffer to be used as a
backup buffer, the backup_handle variable does not get written to and is
then later returned to user-space.

Upstream commit:

https://github.com/torvalds/linux/commit/07678eca2cf9c9a18584e546c2b2a0d0c9a3150c

CVE:

I'll request one now and reply once I have one.

Chur

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.