[CVE-2011-1078] Bluetooth: sco: fix information leak to userspace

Andy Whitcroft apw at canonical.com
Tue Jul 26 18:51:01 UTC 2011

	struct sco_conninfo has one padding byte in the end.  Local
	variable cinfo of type sco_conninfo is copied to userspace with
	this uninizialized one byte, leading to old stack contents leak.

The fix for this CVE has hit Lucid and later via mainline and stable.
Following this email are two patches, the first for hardy, and the second
for lucid/fsl-imx51 and maverick/ti-omap4.  Both are direct cherry-picks
and only differ in line numbers.

Proposing for hardy, lucid/fsl-imx51, and maverick/ti-omap4.


More information about the kernel-team mailing list