[kernel] r16541 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Wed Nov 10 05:50:46 UTC 2010
Author: dannf
Date: Wed Nov 10 05:50:07 2010
New Revision: 16541
Log:
ALSA: rme9652: prevent reading uninitialized stack memory (CVE-2010-4080)
Added:
dists/lenny-security/linux-2.6/debian/patches/bugfix/all/rme9652-prevent-reading-uninitialized-stack-memory.patch
Modified:
dists/lenny-security/linux-2.6/debian/changelog
dists/lenny-security/linux-2.6/debian/patches/series/25lenny2
Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog Wed Nov 10 05:07:30 2010 (r16540)
+++ dists/lenny-security/linux-2.6/debian/changelog Wed Nov 10 05:50:07 2010 (r16541)
@@ -13,6 +13,7 @@
* setup_arg_pages: diagnose excessive argument size (CVE-2010-3858)
* X.25: memory corruption in X.25 facilities parsing (CVE-2010-3873)
* sys_semctl: fix kernel stack leakage (CVE-2010-4083)
+ * ALSA: rme9652: prevent reading uninitialized stack memory (CVE-2010-4080)
-- dann frazier <dannf at debian.org> Thu, 30 Sep 2010 21:42:24 -0600
Added: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/rme9652-prevent-reading-uninitialized-stack-memory.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/rme9652-prevent-reading-uninitialized-stack-memory.patch Wed Nov 10 05:50:07 2010 (r16541)
@@ -0,0 +1,43 @@
+commit 1179687599395e64f39fe85c45a90c0ef9993948
+Author: Dan Rosenberg <drosenberg at vsecurity.com>
+Date: Sat Sep 25 11:07:27 2010 -0400
+
+ [Backported to Debian's 2.6.26 by dann frazier <dannf at debian.org>]
+
+ ALSA: sound/pci/rme9652: prevent reading uninitialized stack memory
+
+ The SNDRV_HDSP_IOCTL_GET_CONFIG_INFO and
+ SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctls in hdspm.c and hdsp.c allow
+ unprivileged users to read uninitialized kernel stack memory, because
+ several fields of the hdsp{m}_config_info structs declared on the stack
+ are not altered or zeroed before being copied back to the user. This
+ patch takes care of it.
+
+ Signed-off-by: Dan Rosenberg <dan.j.rosenberg at gmail.com>
+ Cc: <stable at kernel.org>
+ Signed-off-by: Takashi Iwai <tiwai at suse.de>
+
+diff --git a/sound/pci/rme9652/hdsp.c b/sound/pci/rme9652/hdsp.c
+index 4d6fbb3..cee643e 100644
+--- a/sound/pci/rme9652/hdsp.c
++++ b/sound/pci/rme9652/hdsp.c
+@@ -4569,6 +4569,7 @@ static int snd_hdsp_hwdep_ioctl(struct snd_hwdep *hw, struct file *file, unsigne
+ snd_printk(KERN_ERR "Hammerfall-DSP: Firmware needs to be uploaded to the card.\n");
+ return -EINVAL;
+ }
++ memset(&info, 0, sizeof(info));
+ spin_lock_irqsave(&hdsp->lock, flags);
+ info.pref_sync_ref = (unsigned char)hdsp_pref_sync_ref(hdsp);
+ info.wordclock_sync_check = (unsigned char)hdsp_wc_sync_check(hdsp);
+diff --git a/sound/pci/rme9652/hdspm.c b/sound/pci/rme9652/hdspm.c
+index ab423bc..bd36bdd 100644
+--- a/sound/pci/rme9652/hdspm.c
++++ b/sound/pci/rme9652/hdspm.c
+@@ -4133,6 +4133,7 @@ static int snd_hdspm_hwdep_ioctl(struct snd_hwdep * hw, struct file *file,
+
+ case SNDRV_HDSPM_IOCTL_GET_CONFIG_INFO:
+
++ memset(&info, 0, sizeof(info));
+ spin_lock_irq(&hdspm->lock);
+ info.pref_sync_ref = hdspm_pref_sync_ref(hdspm);
+ info.wordclock_sync_check = hdspm_wc_sync_check(hdspm);
Modified: dists/lenny-security/linux-2.6/debian/patches/series/25lenny2
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/25lenny2 Wed Nov 10 05:07:30 2010 (r16540)
+++ dists/lenny-security/linux-2.6/debian/patches/series/25lenny2 Wed Nov 10 05:50:07 2010 (r16541)
@@ -12,3 +12,4 @@
+ bugfix/all/x25-fix-field-accesses-beyond-end-of-packet.patch
+ bugfix/all/x25-fix-memory-corruption-in-facilities-parsing.patch
+ bugfix/all/sys_semctl-fix-kernel-stack-leakage.patch
++ bugfix/all/rme9652-prevent-reading-uninitialized-stack-memory.patch
More information about the Kernel-svn-changes
mailing list