[CVE-2011-1078] Bluetooth: sco: fix information leak to userspace
Andy Whitcroft
apw at canonical.com
Tue Jul 26 18:51:01 UTC 2011
CVE-2011-1078
struct sco_conninfo has one padding byte at the end. Local
variable cinfo of type sco_conninfo is copied to userspace with
this uninitialized one byte, leading to old stack contents leak.
The fix for this CVE has hit Lucid and later via mainline and stable.
Following this email are two patches, the first for hardy, and the second
for lucid/fsl-imx51 and maverick/ti-omap4. Both are direct cherry-picks
and only differ in line numbers.
Proposing for hardy, lucid/fsl-imx51, and maverick/ti-omap4.
-apw
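
The padding-byte leak described in the commit message can be reproduced in userspace. The program below is an added example, not code from the patch or the kernel: the struct is a model that assumes a 16-bit handle followed by a 3-byte device class, and the memset is shown as the usual remedy for this class of bug. The function names, the 0xAA marker and the field values are constructed for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Userspace model of the layout (assumption: 16-bit handle + 3-byte class). */
struct sco_conninfo_model {
    uint16_t hci_handle;
    uint8_t  dev_class[3];
    /* the compiler appends tail padding here to keep 2-byte alignment */
};

#define STALE 0xAA  /* constructed marker standing in for old stack contents */

/* Offset of the first tail-padding byte, and how many padding bytes follow. */
size_t padding_offset(void) { return offsetof(struct sco_conninfo_model, dev_class) + 3; }
size_t padding_bytes(void) { return sizeof(struct sco_conninfo_model) - padding_offset(); }

/* Models the getsockopt path: fill cinfo, then copy the whole struct out. */
void get_conninfo(unsigned char *out, int zero_first)
{
    static const uint8_t cls[3] = { 0x0c, 0x02, 0x5a };  /* constructed */
    struct sco_conninfo_model cinfo;

    memset(&cinfo, STALE, sizeof(cinfo));   /* simulate a dirty stack slot */
    if (zero_first)
        memset(&cinfo, 0, sizeof(cinfo));   /* remedy: clear padding too */
    cinfo.hci_handle = 0x002a;              /* constructed value */
    memcpy(cinfo.dev_class, cls, sizeof(cls));
    memcpy(out, &cinfo, sizeof(cinfo));     /* stands in for copy_to_user() */
}

/* Number of stale bytes that reach the "userspace" buffer. */
int leaked_bytes(int zero_first)
{
    unsigned char out[sizeof(struct sco_conninfo_model)];
    int n = 0;

    get_conninfo(out, zero_first);
    for (size_t i = padding_offset(); i < sizeof(out); i++)
        n += (out[i] == STALE);
    return n;
}

int main(void)
{
    printf("size=%zu pad=%zu leak=%d fixed=%d\n", sizeof(struct sco_conninfo_model), padding_bytes(), leaked_bytes(0), leaked_bytes(1));
    return 0;
}
```

Assigning every named member does not touch the tail padding, so only clearing the whole object before filling it keeps stale bytes out of the copy.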