On Tue, 30 May 2017, Manjeet Pawar wrote: > This patch is made to fix below CVE issue where 8 padding bytes are sent to > user without being initialized. Structure members are adjusted to avoid 8 > padding bytes. > > CVE-2016-4569/CVE-2016-4578: > The stack object tread has a total size of 32 bytes. Its field > event and val both contain 4 bytes padding. These 8 bytes > padding bytes are sent to user without being initialized. > > Fix patch: > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cec8f96e49d9be372fdb0c3836dcf31ec71e457e > https://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git/commit/?h=for-next&id=9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6 > > These patches does memset on structure object to initialize 8 padding bytes, which can be skipped by > adjusting structure members. And by rearranging the struct members you break existing user space, which is a NONO. The struct has to stay as is. Thanks, tglx -- To unsubscribe from this list: send the line "unsubscribe linux-api" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
