[PATCH 0/3] CVE-2010-4080 CVE-2010-4081
Stefan Bader
stefan.bader at canonical.com
Mon Feb 7 10:38:39 UTC 2011
On 02/04/2011 06:26 PM, Brad Figg wrote:
> Following this email will be 3 patches associated with these two CVEs. The patch
> apply Dapper, Hardy and Karmic. Natty, Maverick and Lucid have already received
> this patch as part of upstream stable commits (or just regular upstream
> commits).
>
> CVE-2010-4080
> CVE-2010-4081
>
> BugLink: http://bugs.launchpad.net/bugs/712723
> BugLink: http://bugs.launchpad.net/bugs/712737
>
> The SNDRV_HDSP_IOCTL_GET_CONFIG_INFO and
> SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctls in hdspm.c and hdsp.c allow
> unprivileged users to read uninitialized kernel stack memory, because
> several fields of the hdsp{m}_config_info structs declared on the stack
> are not altered or zeroed before being copied back to the user. This
> patch takes care of it.
>
>
> Dan Rosenberg (1):
> ALSA: sound/pci/rme9652: prevent reading uninitialized stack memory,
> CVE-2010-4080, CVE-2010-4081
>
> sound/pci/rme9652/hdsp.c | 1 +
> sound/pci/rme9652/hdspm.c | 1 +
> 2 files changed, 2 insertions(+), 0 deletions(-)
>
>
Acked-by: Stefan Bader <stefan.bader at canonical.com>
More information about the kernel-team
mailing list