I believe this commit is required for all the stable trees to fix CVE-2013-2164. commit 542db01579fbb7ea7d1f7bb9ddcef1559df660b2 Author: Jonathan Salwan <jonathan.salwan@xxxxxxxxx> Date: Wed Jul 3 15:01:13 2013 -0700 drivers/cdrom/cdrom.c: use kzalloc() for failing hardware In drivers/cdrom/cdrom.c mmc_ioctl_cdrom_read_data() allocates a memory area with kmalloc in line 2885. 2885 cgc->buffer = kmalloc(blocksize, GFP_KERNEL); 2886 if (cgc->buffer == NULL) 2887 return -ENOMEM; In line 2908 we can find the copy_to_user function: 2908 if (!ret && copy_to_user(arg, cgc->buffer, blocksize)) The cgc->buffer is never cleaned and initialized before this function. If ret = 0 with the previous basic block, it's possible to display some memory bytes in kernel space from userspace. When we read a block from the disk it normally fills the ->buffer but if the drive is malfunctioning there is a chance that it would only be partially filled. The result is an leak information to userspace. Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> Cc: Jens Axboe <axboe@xxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> Cheers, -- Luis
Attachment:
signature.asc
Description: PGP signature