
Bug 464804 (CVE-2013-1928)

Summary: Kernel : information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE (CVE-2013-1928)
Product: Gentoo Security
Reporter: Agostino Sarubbo <ago>
Component: Kernel
Assignee: Gentoo Kernel Security <security-kernel>
Status: RESOLVED OBSOLETE
Severity: normal
CC: kernel
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: http://www.openwall.com/lists/oss-security/2013/04/05/3
Whiteboard: [<3.6.5]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2013-04-06 06:45:50 UTC
From $URL :

https://github.com/torvalds/linux/commit/12176503366885edd542389eed3aaf94be163fdb

commit 12176503366885edd542389eed3aaf94be163fdb
Author: Kees Cook <keescook@...omium.org>
Date:   Thu Oct 25 13:38:16 2012 -0700

    fs/compat_ioctl.c: VIDEO_SET_SPU_PALETTE missing error check

    The compat ioctl for VIDEO_SET_SPU_PALETTE was missing an error check
    while converting ioctl arguments.  This could lead to leaking kernel
    stack contents into userspace.

    Patch extracted from existing fix in grsecurity.

Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2018-04-04 19:10:02 UTC
There are no longer any 2.x or <3.6.5 kernels available in the repository with
the exception of sys-kernel/xbox-sources which is unsupported by security.