Date: Sun, 30 Jul 2017 12:47:35 +0800 (CST) From: sohu0106 <sohu0106@....com> To: oss-security@...ts.openwall.com Subject: Linux kernel: net/irda/af_irda.c: irda_getsockopt() stack infoleak net/irda/af_irda.c Sometimes irda_getsockopt() doesn't initialize all members of list field of irda_device_list struct. This structure is then copied to userland. It leads to leaking of contents of kernel stack memory. We have to initialize them to zero , or it will allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure https://github.com/torvalds/linux/pull/440
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.