Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 494086

Summary: Kernel: Genlock: Uninitialized data read (CVE-2013-6392)
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: KernelAssignee: Gentoo Security <security>
Status: IN_PROGRESS ---    
Severity: normal CC: kernel
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2013-12-12 20:19:41 UTC 
CVE-2013-6392 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6392):
  The genlock_dev_ioctl function in genlock.c in the Genlock driver for the
  Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android
  contributions for MSM devices and other products, does not properly
  initialize a certain data structure, which allows local users to obtain
  sensitive information from kernel stack memory via a crafted
  GENLOCK_IOC_EXPORT ioctl call.


Unclear if this one is fixed.
Comment 1 Mike Pagano gentoo-dev 2022-03-28 17:04:46 UTC 
I found references to this only in the Kernel tree for Qualcomm chipsets.
Which we don't ship.