oss-security - CVE Request: Linux kernel information leak in event device handling

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [thread-next>] [day] [month] [year] [list]

Message-ID: <20150120144300.GH15501@suse.de>
Date: Tue, 20 Jan 2015 15:43:00 +0100
From: Marcus Meissner <meissner@...e.de>
To: OSS Security List <oss-security@...ts.openwall.com>
Subject: CVE Request: Linux kernel information leak in event device handling

Hi,

This needs a CVE, information leak out of the kernel.

This probably was introduced by commit 483180281f0ac60d1138710eb21f4b9961901294
in Linux 3.9.

Ciao, Marcus

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7c4f56070fde2367766fa1fb04852599b5e1ad35
https://bugzilla.suse.com/show_bug.cgi?id=904899

Input: evdev - fix EVIOCG{type} ioctl

The 'max' size passed into the function is measured in number of bits
(KEY_MAX, LED_MAX, etc) so we need to convert it accordingly before
trying to copy the data out, otherwise we will try copying too much
and end up with up with a page fault.

Reported-by: Pavel Machek <pavel@....cz>
Reviewed-by: Pavel Machek <pavel@....cz>
Reviewed-by: David Herrmann <dh.herrmann@...il.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@...il.com>

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.