42 lines
1.6 KiB
Diff
42 lines
1.6 KiB
Diff
From: Alexander Potapenko <glider@google.com>
|
|
Date: Wed, 27 May 2020 22:20:52 -0700
|
|
Subject: fs/binfmt_elf.c: allocate initialized memory in
|
|
fill_thread_core_info()
|
|
Origin: https://git.kernel.org/linus/1d605416fb7175e1adf094251466caa52093b413
|
|
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2020-10732
|
|
|
|
KMSAN reported uninitialized data being written to disk when dumping
|
|
core. As a result, several kilobytes of kmalloc memory may be written
|
|
to the core file and then read by a non-privileged user.
|
|
|
|
Reported-by: sam <sunhaoyl@outlook.com>
|
|
Signed-off-by: Alexander Potapenko <glider@google.com>
|
|
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
|
|
Acked-by: Kees Cook <keescook@chromium.org>
|
|
Cc: Al Viro <viro@zeniv.linux.org.uk>
|
|
Cc: Alexey Dobriyan <adobriyan@gmail.com>
|
|
Cc: <stable@vger.kernel.org>
|
|
Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
|
|
Link: https://github.com/google/kmsan/issues/76
|
|
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
---
|
|
fs/binfmt_elf.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
|
|
index 13f25e241ac4..25d489bc9453 100644
|
|
--- a/fs/binfmt_elf.c
|
|
+++ b/fs/binfmt_elf.c
|
|
@@ -1733,7 +1733,7 @@ static int fill_thread_core_info(struct elf_thread_core_info *t,
|
|
(!regset->active || regset->active(t->task, regset) > 0)) {
|
|
int ret;
|
|
size_t size = regset_size(t->task, regset);
|
|
- void *data = kmalloc(size, GFP_KERNEL);
|
|
+ void *data = kzalloc(size, GFP_KERNEL);
|
|
if (unlikely(!data))
|
|
return 0;
|
|
ret = regset->get(t->task, regset,
|
|
--
|
|
2.27.0.rc0
|
|
|