APPLIED: [CVE-2011-1078] Bluetooth: sco: fix information leak to userspace

Tim Gardner tim.gardner at canonical.com
Tue Jul 26 20:29:37 UTC 2011


On 07/26/2011 12:51 PM, Andy Whitcroft wrote:
> CVE-2011-1078
> 	struct sco_conninfo has one padding byte in the end.  Local
> 	variable cinfo of type sco_conninfo is copied to userspace with
> 	this uninitialized one byte, leading to old stack contents leak.
>
> The fix for this CVE has hit Lucid and later via mainline and stable.
> Following this email are two patches, the first for hardy, and the second
> for lucid/fsl-imx51 and maverick/ti-omap4.  Both are direct cherry-picks
> and only differ in line numbers.
>
> Proposing for hardy, lucid/fsl-imx51, and maverick/ti-omap4.
>
> -apw
>


-- 
Tim Gardner tim.gardner at canonical.com
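
The padding-byte leak described in the quoted CVE text, modelled in userspace as an added example (not the patches from this thread, which are not shown on this page). The struct mirrors the 2 + 3 byte layout of sco_conninfo; the function names, the 0xAA marker and the memcpy standing in for copy_to_user() are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of the layout: 5 bytes of data, padded to 6 for 16-bit alignment. */
struct conninfo_model {
    uint16_t hci_handle;
    uint8_t  dev_class[3];
};

#define STALE 0xAA  /* constructed marker standing in for old stack contents */

/* Pre-fix pattern: members are assigned, the padding byte is never written. */
size_t fill_leaky(unsigned char *ubuf, uint16_t handle, const uint8_t dc[3])
{
    struct conninfo_model cinfo;
    memset(&cinfo, STALE, sizeof(cinfo));  /* simulate a dirty stack slot */
    cinfo.hci_handle = handle;
    memcpy(cinfo.dev_class, dc, 3);
    memcpy(ubuf, &cinfo, sizeof(cinfo));   /* stands in for copy_to_user() */
    return sizeof(cinfo);
}

/* Hardened pattern: zero the whole object before filling it. */
size_t fill_zeroed(unsigned char *ubuf, uint16_t handle, const uint8_t dc[3])
{
    struct conninfo_model cinfo;
    memset(&cinfo, STALE, sizeof(cinfo));  /* same dirty stack slot */
    memset(&cinfo, 0, sizeof(cinfo));      /* clears padding as well as members */
    cinfo.hci_handle = handle;
    memcpy(cinfo.dev_class, dc, 3);
    memcpy(ubuf, &cinfo, sizeof(cinfo));
    return sizeof(cinfo);
}

/* Count stale bytes that reached the output beyond the last real member. */
size_t leaked_bytes(const unsigned char *ubuf, size_t len)
{
    size_t n = 0;
    for (size_t i = offsetof(struct conninfo_model, dev_class) + 3; i < len; i++)
        n += (ubuf[i] == STALE);
    return n;
}

int main(void)
{
    unsigned char out[sizeof(struct conninfo_model)];
    const uint8_t dc[3] = {0x0c, 0x02, 0x5a};  /* constructed sample values */
    printf("leaky:  %zu\n", leaked_bytes(out, fill_leaky(out, 0x002a, dc)));
    printf("zeroed: %zu\n", leaked_bytes(out, fill_zeroed(out, 0x002a, dc)));
    return 0;
}
```

The same check applies to any struct copied out by sizeof: compare sizeof against the sum of the member sizes and zero the object if they differ.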



