aacraid driver may return uninitialized stack data to userspace
Bug #1700077 reported by Seth Forshee
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
linux (Ubuntu) | Fix Released | Medium | Seth Forshee |
Zesty | Fix Released | Medium | Seth Forshee |
Bug Description
SRU Justification
Impact: Recent aacraid backports introduce potential information leaks, where some stack-allocated memory may be copied to userspace without initialization.
Fix: Clear out the affected memory before using it to ensure that none is left uninitialized.
Test Case: None. Code review should be sufficient to validate the changes.
Regression Potential: Negligible. The patch simply memsets some structs to clear them out prior to any other use.
---
aac_send_raw_srb() and aac_get_hba_info() both copy the contents of stack variables to userspace when some of this memory may be uninitialized. The memory should be zeroed out initially to prevent this.
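The pattern described above, as an added userspace example that is not part of the bug report or the aacraid driver: a handler fills only some fields of a stack struct and copies the whole struct out. The struct layout, the function names, the `0xA5` marker that stands in for leftover stack contents, and the use of `memcpy()` in place of `copy_to_user()` are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xA5  /* constructed marker standing in for leftover stack contents */

/* Hypothetical reply layout, not the aacraid structure. No padding: 4+4+16+8 bytes. */
struct hba_reply {
    uint32_t adapter_number;
    uint32_t bus_number;
    char     driver_name[16];
    uint32_t reserved[2];      /* never written by the handler */
};

/* Models an ioctl handler. memcpy() stands in for copy_to_user(). */
size_t build_reply(int zero_first, unsigned char *user_buf)
{
    struct hba_reply r;

    /* Simulate whatever a previous call left in this stack slot. */
    memset(&r, STALE, sizeof(r));

    if (zero_first)
        memset(&r, 0, sizeof(r));    /* the fix described in the report */

    r.adapter_number = 1;
    r.bus_number = 2;
    strcpy(r.driver_name, "demo");   /* only 5 of 16 bytes written */

    memcpy(user_buf, &r, sizeof(r)); /* the whole struct is copied out */
    return sizeof(r);
}

/* Count bytes in the copied-out buffer that still carry the stale marker. */
size_t stale_bytes(const unsigned char *buf, size_t len)
{
    size_t i, n = 0;
    for (i = 0; i < len; i++)
        if (buf[i] == STALE)
            n++;
    return n;
}

int main(void)
{
    unsigned char out[sizeof(struct hba_reply)];
    size_t len = build_reply(0, out);
    printf("without memset: %zu stale bytes\n", stale_bytes(out, len));
    len = build_reply(1, out);
    printf("with memset:    %zu stale bytes\n", stale_bytes(out, len));
    return 0;
}
```

In a code review of this kind of fix, the thing to check is that the `memset()` covers the full `sizeof` of every struct that is later copied out, and that it runs before any early-exit path that still reaches the copy.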
Changed in linux (Ubuntu Zesty): status: In Progress → Fix Committed
Note that this bug also exists upstream.