]> git.karo-electronics.de Git - karo-tx-linux.git/commit
projects / karo-tx-linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: fefdf26) | patch
kernel/sys.c: fix stack memory content leak via UNAME26
authorKees Cook <keescook@chromium.org>
Fri, 12 Oct 2012 04:22:43 +0000 (15:22 +1100)
committerStephen Rothwell <sfr@canb.auug.org.au>
Wed, 17 Oct 2012 02:05:58 +0000 (13:05 +1100)
commite142fe1ccfae17d2bcafdb4de5741bf064ba107c
treeff47f95ee3e2c789968284c286548343db926254tree | snapshot
parentfefdf26ab9b5d2c287da12e35f843834e9336367commit | diff
kernel/sys.c: fix stack memory content leak via UNAME26

Calling uname() with the UNAME26 personality set allows a leak of kernel
stack contents.  This fixes it by defensively calculating the length of
copy_to_user() call, making the len argument unsigned, and initializing
the stack buffer to zero (now technically unneeded, but hey, overkill).

CVE-2012-0957

Reported-by: PaX Team <pageexec@freemail.hu>
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: PaX Team <pageexec@freemail.hu>
Cc: Brad Spengler <spender@grsecurity.net>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
kernel/sys.c diff | blob | history
Linux kernel for KaRo TX COM modules