Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 464804 (CVE-2013-1928)

Summary: Kernel : information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE (CVE-2013-1928)
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: KernelAssignee: Gentoo Kernel Security <security-kernel>
Severity: normal CC: kernel
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: [<3.6.5]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2013-04-06 06:45:50 UTC
From $URL :

commit 12176503366885edd542389eed3aaf94be163fdb
Author: Kees Cook <>
Date:   Thu Oct 25 13:38:16 2012 -0700

    fs/compat_ioctl.c: VIDEO_SET_SPU_PALETTE missing error check

    The compat ioctl for VIDEO_SET_SPU_PALETTE was missing an error check
    while converting ioctl arguments.  This could lead to leaking kernel
    stack contents into userspace.

    Patch extracted from existing fix in grsecurity.
Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2018-04-04 19:10:02 UTC
There are no longer any 2.x or <3.6.5 kernels available in the repository with
the exception of sys-kernel/xbox-sources which is unsupported by security.