This is a note to let you know that I've just added the patch titled audit: fix info leak in AUDIT_GET requests to the 3.12-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: audit-fix-info-leak-in-audit_get-requests.patch and it can be found in the queue-3.12 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From 64fbff9ae0a0a843365d922e0057fc785f23f0e3 Mon Sep 17 00:00:00 2001 From: Mathias Krause <minipli@xxxxxxxxxxxxxx> Date: Mon, 30 Sep 2013 22:04:24 +0200 Subject: audit: fix info leak in AUDIT_GET requests From: Mathias Krause <minipli@xxxxxxxxxxxxxx> commit 64fbff9ae0a0a843365d922e0057fc785f23f0e3 upstream. We leak 4 bytes of kernel stack in response to an AUDIT_GET request as we miss to initialize the mask member of status_set. Fix that. Cc: Al Viro <viro@xxxxxxxxxxxxxxxxxx> Cc: Eric Paris <eparis@xxxxxxxxxx> Signed-off-by: Mathias Krause <minipli@xxxxxxxxxxxxxx> Signed-off-by: Richard Guy Briggs <rgb@xxxxxxxxxx> Signed-off-by: Eric Paris <eparis@xxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- kernel/audit.c | 1 + 1 file changed, 1 insertion(+) --- a/kernel/audit.c +++ b/kernel/audit.c @@ -659,6 +659,7 @@ static int audit_receive_msg(struct sk_b switch (msg_type) { case AUDIT_GET: + status_set.mask = 0; status_set.enabled = audit_enabled; status_set.failure = audit_failure; status_set.pid = audit_pid; Patches currently in stable-queue which might be from minipli@xxxxxxxxxxxxxx are queue-3.12/ipc-msg-fix-message-length-check-for-negative-values.patch queue-3.12/audit-fix-info-leak-in-audit_get-requests.patch queue-3.12/audit-use-nlmsg_len-to-get-message-payload-length.patch -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html