From: Kangjie Lu <kangjielu@xxxxxxxxx> commit 4116def2337991b39919f3b448326e21c40e0dbb upstream. This fixes CVE-2016-5244. The last field "flags" of object "minfo" is not initialized. Copying this object out may leak kernel stack data. Assign 0 to it to avoid leak. Signed-off-by: Kangjie Lu <kjlu@xxxxxxxxxx> Acked-by: Santosh Shilimkar <santosh.shilimkar@xxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> Signed-off-by: Juerg Haefliger <juerg.haefliger@xxxxxxx> --- net/rds/recv.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/rds/recv.c b/net/rds/recv.c index a00462b0d01d..0514af3ab378 100644 --- a/net/rds/recv.c +++ b/net/rds/recv.c @@ -545,5 +545,7 @@ void rds_inc_info_copy(struct rds_incoming *inc, minfo.fport = inc->i_hdr.h_dport; } + minfo.flags = 0; + rds_info_copy(iter, &minfo, sizeof(minfo)); } -- 2.9.3 -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html