This is a note to let you know that I've just added the patch titled irda: do not leak initialized list.dev to userspace to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: irda-do-not-leak-initialized-list.dev-to-userspace.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From foo@baz Thu Aug 24 17:44:02 PDT 2017 From: Colin Ian King <colin.king@xxxxxxxxxxxxx> Date: Thu, 17 Aug 2017 23:14:58 +0100 Subject: irda: do not leak initialized list.dev to userspace From: Colin Ian King <colin.king@xxxxxxxxxxxxx> [ Upstream commit b024d949a3c24255a7ef1a470420eb478949aa4c ] list.dev has not been initialized and so the copy_to_user is copying data from the stack back to user space which is a potential information leak. Fix this ensuring all of list is initialized to zero. Detected by CoverityScan, CID#1357894 ("Uninitialized scalar variable") Signed-off-by: Colin Ian King <colin.king@xxxxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- net/irda/af_irda.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/net/irda/af_irda.c +++ b/net/irda/af_irda.c @@ -2223,7 +2223,7 @@ static int irda_getsockopt(struct socket { struct sock *sk = sock->sk; struct irda_sock *self = irda_sk(sk); - struct irda_device_list list; + struct irda_device_list list = { 0 }; struct irda_device_info *discoveries; struct irda_ias_set * ias_opt; /* IAS get/query params */ struct ias_object * ias_obj; /* Object in IAS */ Patches currently in stable-queue which might be from colin.king@xxxxxxxxxxxxx are queue-4.9/nfp-fix-infinite-loop-on-umapping-cleanup.patch queue-4.9/irda-do-not-leak-initialized-list.dev-to-userspace.patch