From 4523622d274e0bf0b2b054445d570a3215c3c250 Mon Sep 17 00:00:00 2001
From: sohu0106
Date: Sun, 30 Jul 2017 12:05:46 +0800
Subject: [PATCH] Update atyfb_base.c

Structure atyclk is copied to userland with padding bytes after "vclk_post_div" field unitialized. It leads to leaking of contents of kernel stack memory. We have to initialize them to zero. or it will allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure
---
 drivers/video/fbdev/aty/atyfb_base.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/video/fbdev/aty/atyfb_base.c b/drivers/video/fbdev/aty/atyfb_base.c
index b55fdac9c9f51a..43da26cdf670d1 100644
--- a/drivers/video/fbdev/aty/atyfb_base.c
+++ b/drivers/video/fbdev/aty/atyfb_base.c
@@ -1857,6 +1857,9 @@ static int atyfb_ioctl(struct fb_info *info, u_int cmd, u_long arg)
 if (M64_HAS(INTEGRATED)) {
 struct atyclk clk;
 union aty_pll *pll = &par->pll;
+
+ memset( &clk, 0, sizeof(struct atyclk) );
+
 u32 dsp_config = pll->ct.dsp_config;
 u32 dsp_on_off = pll->ct.dsp_on_off;
 clk.ref_clk_per = par->ref_clk_per;
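Review bot: The added memset sits between the declaration of `pll` and the declarations of `dsp_config` and `dsp_on_off`, so the block now has a statement in the middle of its declarations, which kernel builds flag with -Wdeclaration-after-statement. Move it below the last declaration and write it as `memset(&clk, 0, sizeof(clk));`, since kernel style puts no spaces inside the parentheses and taking sizeof on the object keeps the length tied to the variable. Using memset rather than an `= {0}` initializer is the right choice, because an initializer does not guarantee that padding bytes are cleared. A short comment such as `/* zero padding too: clk is copied to userspace */` would keep a later cleanup from replacing it. The copy to userspace and the rest of atyfb_ioctl lie outside this hunk, so it is worth checking whether other on-stack structures in the same ioctl are copied out the same way.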