On Tue, 2013-10-01 at 15:15 +0100, Luis Henriques wrote:
> The 2 commits that fix CVE-2013-2147 have been merged upstream but
> have not been tagged for stable kernels. They seem to be clean
> cherry-picks for all the stable kernel trees.
>
> Please consider picking the following commits for all the trees:

Queued up for 3.2, thanks.

Ben.

> commit 627aad1c01da6f881e7f98d71fd928ca0c316b1a
> Author: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> Date: Tue Sep 24 15:27:44 2013 -0700
>
>     cpqarray: fix info leak in ida_locked_ioctl()
>
>     The pciinfo struct has a two byte hole after ->dev_fn so stack
>     information could be leaked to the user.
>
>     This was assigned CVE-2013-2147.
>
>     Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
>     Acked-by: Mike Miller <mike.miller@xxxxxx>
>     Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
>     Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
>
> commit 58f09e00ae095e46ef9edfcf3a5fd9ccdfad065e
> Author: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> Date: Tue Sep 24 15:27:45 2013 -0700
>
>     cciss: fix info leak in cciss_ioctl32_passthru()
>
>     The arg64 struct has a hole after ->buf_size which isn't cleared. Or if
>     any of the calls to copy_from_user() fail then that would cause an
>     information leak as well.
>
>     This was assigned CVE-2013-2147.
>
>     Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
>     Acked-by: Mike Miller <mike.miller@xxxxxx>
>     Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
>     Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
>
> Cheers,

-- 
Ben Hutchings
Tomorrow will be cancelled due to lack of interest.
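
The two-byte hole described in the quoted cpqarray commit message, as an added user-space illustration that is not part of the original mail or of the kernel patches: it locates the padding with offsetof() and compares a field-by-field fill against clearing the struct first, the usual remedy for this class of leak. The struct pci_info layout, the STALE marker, the sample field values, the function names, and memcpy() standing in for copy_to_user() are all assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout for illustration: two u8 fields followed by a u32, so the
 * compiler inserts a two-byte hole after dev_fn to align board_id. */
struct pci_info {
    uint8_t  bus;
    uint8_t  dev_fn;
    uint32_t board_id;
};

#define STALE 0xAA  /* constructed marker standing in for old stack contents */

/* Padding bytes between the end of dev_fn and the start of board_id. */
static size_t hole_start(void) { return offsetof(struct pci_info, dev_fn) + sizeof(uint8_t); }
static size_t hole_size(void)  { return offsetof(struct pci_info, board_id) - hole_start(); }

/* Fill the struct the way an ioctl handler would, copy it out, and count how
 * many stale bytes reach the "user" buffer. clear_first selects the hardened path. */
static size_t leaked_hole_bytes(int clear_first)
{
    struct pci_info info;
    unsigned char user[sizeof info];   /* stand-in for the user-space buffer */
    size_t i, leaked = 0;

    memset(&info, STALE, sizeof info); /* simulate a dirty stack slot */
    if (clear_first)
        memset(&info, 0, sizeof info); /* hardened: zero the holes too */

    info.bus = 0x03;                   /* constructed sample values */
    info.dev_fn = 0x28;
    info.board_id = 0x12345678;

    memcpy(user, &info, sizeof info);  /* stand-in for copy_to_user() */

    for (i = hole_start(); i < hole_start() + hole_size(); i++)
        if (user[i] == STALE)
            leaked++;
    return leaked;
}

int main(void)
{
    printf("sizeof=%zu hole=%zu bytes at offset %zu\n",
           sizeof(struct pci_info), hole_size(), hole_start());
    printf("field-by-field fill: %zu stale bytes copied out\n", leaked_hole_bytes(0));
    printf("memset then fill:    %zu stale bytes copied out\n", leaked_hole_bytes(1));
    return 0;
}
```

Assigning every named member is not enough, because the copy length is sizeof the struct and that includes the padding.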