From: Vasiliy Kulikov Date: Sat, 6 Nov 2010 14:41:35 +0000 (+0300) Subject: usb: misc: sisusbvga: fix information leak to userland X-Git-Tag: firefly_0821_release~9833^2~79^2^2~89 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=e1e1f7573e7703a4e5a87a40671c5b42f70c429c;p=firefly-linux-kernel-4.4.55.git usb: misc: sisusbvga: fix information leak to userland commit 5dc92cf1d0b4b0debbd2e333b83f9746c103533d upstream. Structure sisusb_info is copied to userland with "sisusb_reserved" field uninitialized. It leads to leaking of contents of kernel stack memory. Signed-off-by: Vasiliy Kulikov Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/usb/misc/sisusbvga/sisusb.c b/drivers/usb/misc/sisusbvga/sisusb.c index 70d00e99a4b4..dd573abd2d1e 100644 --- a/drivers/usb/misc/sisusbvga/sisusb.c +++ b/drivers/usb/misc/sisusbvga/sisusb.c @@ -3008,6 +3008,7 @@ sisusb_ioctl(struct file *file, unsigned int cmd, unsigned long arg) #else x.sisusb_conactive = 0; #endif + memset(x.sisusb_reserved, 0, sizeof(x.sisusb_reserved)); if (copy_to_user((void __user *)arg, &x, sizeof(x))) retval = -EFAULT;