The patch titled drivers/video/sis/sis_main.c: prevent reading uninitialized stack memory has been added to the -mm tree. Its filename is drivers-video-sis-sis_mainc-prevent-reading-uninitialized-stack-memory.patch Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/SubmitChecklist when testing your code *** See http://userweb.kernel.org/~akpm/stuff/added-to-mm.txt to find out what to do about this The current -mm tree may be found at http://userweb.kernel.org/~akpm/mmotm/ ------------------------------------------------------ Subject: drivers/video/sis/sis_main.c: prevent reading uninitialized stack memory From: Dan Rosenberg <drosenberg@xxxxxxxxxxxxx> The FBIOGET_VBLANK device ioctl allows unprivileged users to read 16 bytes of uninitialized stack memory, because the "reserved" member of the fb_vblank struct declared on the stack is not altered or zeroed before being copied back to the user. This patch takes care of it. Signed-off-by: Dan Rosenberg <dan.j.rosenberg@xxxxxxxxx> Cc: Thomas Winischhofer <thomas@xxxxxxxxxxxxxxxx> Cc: <stable@xxxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- drivers/video/sis/sis_main.c | 3 +++ 1 file changed, 3 insertions(+) diff -puN drivers/video/sis/sis_main.c~drivers-video-sis-sis_mainc-prevent-reading-uninitialized-stack-memory drivers/video/sis/sis_main.c --- a/drivers/video/sis/sis_main.c~drivers-video-sis-sis_mainc-prevent-reading-uninitialized-stack-memory +++ a/drivers/video/sis/sis_main.c @@ -1701,6 +1701,9 @@ static int sisfb_ioctl(struct fb_info *i break; case FBIOGET_VBLANK: + + memset(&sisvbblank, 0, sizeof(struct fb_vblank)); + sisvbblank.count = 0; sisvbblank.flags = sisfb_setupvbblankflags(ivideo, &sisvbblank.vcount, &sisvbblank.hcount); _ Patches currently in -mm which might be from drosenberg@xxxxxxxxxxxxx are linux-next.patch drivers-serial-serial_corec-prevent-reading-uninitialized-stack-memory.patch drivers-video-sis-sis_mainc-prevent-reading-uninitialized-stack-memory.patch drivers-char-amiserialc-prevent-reading-uninitialized-stack-memory.patch drivers-char-nozomic-prevent-reading-uninitialized-stack-memory.patch -- To unsubscribe from this list: send the line "unsubscribe mm-commits" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html