[CVE-2014-1739 1/5] [media] media-device: fix infoleak in ioctl media_enum_entities()
Luis Henriques
luis.henriques at canonical.com
Wed Jun 25 11:59:14 UTC 2014
From: Salva Peiró <speiro at ai2.upv.es>
This fixes CVE-2014-1739.
Signed-off-by: Salva Peiró <speiro at ai2.upv.es>
Acked-by: Laurent Pinchart <laurent.pinchart at ideasonboard.com>
Cc: stable at vger.kernel.org
Signed-off-by: Mauro Carvalho Chehab <m.chehab at samsung.com>
(cherry picked from commit e6a623460e5fc960ac3ee9f946d3106233fd28d8)
CVE-2014-1739
BugLink: http://bugs.launchpad.net/bugs/1333609
Signed-off-by: Luis Henriques <luis.henriques at canonical.com>
---
drivers/media/media-device.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/media/media-device.c b/drivers/media/media-device.c
index 6f9eb94e85b3..25968dcfa422 100644
--- a/drivers/media/media-device.c
+++ b/drivers/media/media-device.c
@@ -90,6 +90,7 @@ static long media_device_enum_entities(struct media_device *mdev,
struct media_entity *ent;
struct media_entity_desc u_ent;
+ memset(&u_ent, 0, sizeof(u_ent));
if (copy_from_user(&u_ent.id, &uent->id, sizeof(u_ent.id)))
return -EFAULT;
--
1.9.1
More information about the kernel-team
mailing list