debian-packaging
/
linux
8
0
Fork 0
Code Releases Activity

media/vivid-osd: fix info leak in ioctl (CVE-2015-7884)

This commit is contained in:
Ben Hutchings 2015-11-08 15:01:04 +00:00
parent ed853af7cb
commit b2076bbc37
3 changed files with 33 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
debian/changelog vendored
View File

@ -3,6 +3,7 @@ linux (4.2.5-2) UNRELEASED; urgency=medium
* usbvision: fix overflow of interfaces array (CVE-2015-7833)
* RDS: fix race condition when sending a message on unbound socket
(CVE-2015-7990)
* media/vivid-osd: fix info leak in ioctl (CVE-2015-7884)
-- Ben Hutchings <ben@decadent.org.uk> Sun, 08 Nov 2015 14:47:40 +0000

31
debian/patches/bugfix/all/media-media-vivid-osd-fix-info-leak-in-ioctl.patch vendored Normal file
View File

@ -0,0 +1,31 @@
From: =?UTF-8?q?Salva=20Peir=C3=B3?= <speirofr@gmail.com>
Date: Wed, 7 Oct 2015 07:09:26 -0300
Subject: [media] media/vivid-osd: fix info leak in ioctl
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Origin: https://git.kernel.org/linus/eda98796aff0d9bf41094b06811f5def3b4c333c
The vivid_fb_ioctl() code fails to initialize the 16 _reserved bytes of
struct fb_vblank after the ->hcount member. Add an explicit
memset(0) before filling the structure to avoid the info leak.
Signed-off-by: Salva Peiró <speirofr@gmail.com>
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
---
drivers/media/platform/vivid/vivid-osd.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/media/platform/vivid/vivid-osd.c b/drivers/media/platform/vivid/vivid-osd.c
index 084d346..e15eef6 100644
--- a/drivers/media/platform/vivid/vivid-osd.c
+++ b/drivers/media/platform/vivid/vivid-osd.c
@@ -85,6 +85,7 @@ static int vivid_fb_ioctl(struct fb_info *info, unsigned cmd, unsigned long arg)
case FBIOGET_VBLANK: {
struct fb_vblank vblank;
+ memset(&vblank, 0, sizeof(vblank));
vblank.flags = FB_VBLANK_HAVE_COUNT | FB_VBLANK_HAVE_VCOUNT |
FB_VBLANK_HAVE_VSYNC;
vblank.count = 0;

1
debian/patches/series vendored
View File

@ -106,3 +106,4 @@ debian/target-fix-abi-change-in-4.2.4.patch
debian/signal-fix-abi-change-in-4.2.4.patch
bugfix/all/usbvision-fix-overflow-of-interfaces-array.patch
bugfix/all/rds-fix-race-condition-when-sending-a-message-on-unbound-socket.patch
bugfix/all/media-media-vivid-osd-fix-info-leak-in-ioctl.patch