Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <562763DD.7080804@gmail.com>
Date: Wed, 21 Oct 2015 12:07:25 +0200
From: Salva Peiró <speirofr@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVE Request: Linux Kernel ioctl infoleaks on vivid-osd and dgnc

Hello,

Are there CVEs for these? If not, could these be assigned, please?

   
http://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/?id=eda98796aff0d9bf41094b06811f5def3b4c333c
    media/vivid-osd: fix info leak in ioctl

        [media] media/vivid-osd: fix info leak in ioctl
        The vivid_fb_ioctl() code fails to initialize the 16 _reserved
bytes of
        struct fb_vblank after the ->hcount member. Add an explicit
        memset(0) before filling the structure to avoid the info leak.

   
http://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/?id=4b6184336ebb5c8dc1eae7f7ab46ee608a748b05
    staging/dgnc: fix info leak in ioctl

        The dgnc_mgmt_ioctl() code fails to initialize the 16 _reserved
bytes of
        struct digi_dinfo after the ->dinfo_nboards member. Add an explicit
        memset(0) before filling the structure to avoid the info leak.

--
Salva Peiró @ https://speirofr.appspot.com
CS Researcher & Software Engineer
Universitat Politècnica de València, Spain.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.