** Description changed: - aac_send_raw_srb() allocates a variable named reply on the stack and - later copies its contents to userspace. However not all branches of the - code initializes all fields of reply, representing a possible - information leak. The memory should be zeroed out initially to prevent + aac_send_raw_srb() and aac_get_hba_info() both copy the contents of + stack variables to userspace when some of this memory may be + uninitialized. The memory should be zeroed out initially to prevent this.
-- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1700077 Title: aacraid driver may return uninitialized stack data to userspace Status in linux package in Ubuntu: In Progress Status in linux source package in Zesty: In Progress Bug description: aac_send_raw_srb() and aac_get_hba_info() both copy the contents of stack variables to userspace when some of this memory may be uninitialized. The memory should be zeroed out initially to prevent this. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1700077/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp