Public bug reported:

aac_send_raw_srb() allocates a variable named reply on the stack and later copies its contents to userspace. However, not all branches of the code initialize all fields of reply, representing a possible information leak. The memory should be zeroed out initially to prevent this.
** Affects: linux (Ubuntu)
   Importance: Medium
   Assignee: Seth Forshee (sforshee)
   Status: In Progress

** Affects: linux (Ubuntu Zesty)
   Importance: Medium
   Assignee: Seth Forshee (sforshee)
   Status: In Progress

** Changed in: linux (Ubuntu)
   Importance: Undecided => Medium

** Changed in: linux (Ubuntu)
   Status: New => In Progress

** Changed in: linux (Ubuntu)
   Assignee: (unassigned) => Seth Forshee (sforshee)

** Also affects: linux (Ubuntu Zesty)
   Importance: Undecided
   Status: New

https://bugs.launchpad.net/bugs/1700077

Title:
  aacraid driver may return uninitialized stack data to userspace

Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Zesty:
  In Progress
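The pattern described in the report, as an added userspace example that is not the aacraid driver's code: a reply structure is filled differently per branch and then copied out whole, with and without zeroing it first. The `demo_reply` layout, its field names, the `STALE` marker and the `memcpy()` standing in for the copy to userspace are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical reply layout for illustration; NOT the aacraid driver's struct. */
struct demo_reply {
    uint8_t  status;      /* typically followed by 3 padding bytes */
    uint32_t data_len;
    uint32_t sense_len;   /* written only on the error branch */
    uint8_t  sense[16];   /* written only on the error branch */
};

#define STALE 0xA5        /* constructed marker for leftover stack contents */

/* Build a reply the way the report describes: some branches skip fields. */
static void fill_reply(struct demo_reply *r, int error, int zero_first)
{
    if (zero_first)
        memset(r, 0, sizeof(*r));            /* the fix: clears fields and padding */
    r->status = error ? 2 : 0;
    r->data_len = 512;
    if (error) {
        r->sense_len = 4;
        memcpy(r->sense, "\x70\x00\x05\x00", 4);
    }
}

/* Count stale bytes that would cross into the caller's buffer. */
static size_t leaked_bytes(int error, int zero_first)
{
    struct demo_reply reply;
    unsigned char user_buf[sizeof(reply)];
    size_t i, n = 0;

    memset(&reply, STALE, sizeof(reply));    /* model a stack slot with old data */
    fill_reply(&reply, error, zero_first);
    memcpy(user_buf, &reply, sizeof(reply)); /* stand-in for the copy to userspace */
    for (i = 0; i < sizeof(user_buf); i++)
        n += (user_buf[i] == STALE);
    return n;
}

int main(void)
{
    printf("no memset, success path: %zu stale bytes\n", leaked_bytes(0, 0));
    printf("no memset, error path:   %zu stale bytes\n", leaked_bytes(1, 0));
    printf("memset,    both paths:   %zu / %zu\n", leaked_bytes(0, 1), leaked_bytes(1, 1));
    return 0;
}
```

Zeroing the whole object with `memset()` also covers the padding after `status`, which per-field assignment never touches.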