Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 464804 (CVE-2013-1928) - Kernel : information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE (CVE-2013-1928)
Summary: Kernel : information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE (CVE-201...
Status: RESOLVED OBSOLETE
Alias: CVE-2013-1928
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Kernel Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: [<3.6.5]
Keywords:
Depends on:
Blocks:
 
Reported: 2013-04-06 06:45 UTC by Agostino Sarubbo
Modified: 2018-04-04 19:10 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2013-04-06 06:45:50 UTC
From $URL :

https://github.com/torvalds/linux/commit/12176503366885edd542389eed3aaf94be163fdb

commit 12176503366885edd542389eed3aaf94be163fdb
Author: Kees Cook <keescook@...omium.org>
Date:   Thu Oct 25 13:38:16 2012 -0700

    fs/compat_ioctl.c: VIDEO_SET_SPU_PALETTE missing error check

    The compat ioctl for VIDEO_SET_SPU_PALETTE was missing an error check
    while converting ioctl arguments.  This could lead to leaking kernel
    stack contents into userspace.

    Patch extracted from existing fix in grsecurity.
Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2018-04-04 19:10:02 UTC
There are no longer any 2.x or <3.6.5 kernels available in the repository with
the exception of sys-kernel/xbox-sources which is unsupported by security.