Android Wear 6.0.1 Release 0.67
sched: Fix information leak in sys_sched_getattr()

CVE-2014-9903

We're copying the on-stack structure to userspace, but forgot to give
the right number of bytes to copy. This allows the calling process to
obtain up to PAGE_SIZE bytes from the stack (and possibly adjacent
kernel memory).

This fix copies only as much as we actually have on the stack
(attr->size defaults to the size of the struct) and leaves the rest of
the userspace-provided buffer untouched.

Found using kmemcheck + trinity.

Signed-off-by: sanghyun.eom <sanghyun.eom@samsung.com>
1 file changed
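
The bug class described in the commit message, as an added example that is not the kernel's code and not part of the original commit: a userspace simulation in which a copy length taken from the caller-supplied buffer size runs past a small struct into adjacent memory, beside the corrected copy bounded by the struct's own size field. `demo_attr`, `demo_frame`, `copy_before`, `copy_after`, `demo_leaked` and the 0xAA marker bytes are hypothetical names and constructed data.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DEMO_PAGE 4096u  /* stand-in for PAGE_SIZE */
#define MARKER 0xAA      /* constructed "stale stack" byte */

/* Hypothetical stand-in for the on-stack structure (16 bytes, no padding). */
struct demo_attr { uint32_t size; uint32_t policy; uint64_t flags; };

/* Simulated stack frame: the struct, then unrelated adjacent memory. */
struct demo_frame { struct demo_attr attr; unsigned char adjacent[DEMO_PAGE]; };

/* Before the fix: the copy length is the caller-supplied buffer size. */
static size_t copy_before(unsigned char *ubuf, size_t usize, const struct demo_frame *f)
{
    if (usize > DEMO_PAGE || usize < f->attr.size) return 0;
    memcpy(ubuf, f, usize);            /* runs past attr into adjacent[] */
    return usize;
}

/* After the fix: copy only attr.size bytes, leave the rest of ubuf alone. */
static size_t copy_after(unsigned char *ubuf, size_t usize, const struct demo_frame *f)
{
    if (usize > DEMO_PAGE || usize < f->attr.size) return 0;
    memcpy(ubuf, &f->attr, f->attr.size);
    return f->attr.size;
}

/* Returns how many MARKER bytes reached the simulated userspace buffer. */
static size_t demo_leaked(int fixed, size_t usize)
{
    static struct demo_frame f;
    static unsigned char ubuf[DEMO_PAGE];
    size_t i, leaked = 0;

    memset(&f, MARKER, sizeof f);      /* everything starts as stale data */
    f.attr = (struct demo_attr){ .size = sizeof f.attr, .policy = 0, .flags = 0 };
    memset(ubuf, 0, sizeof ubuf);
    if (fixed) copy_after(ubuf, usize, &f); else copy_before(ubuf, usize, &f);
    for (i = 0; i < sizeof ubuf; i++) leaked += (ubuf[i] == MARKER);
    return leaked;
}

int main(void)
{
    printf("before: %zu stale bytes copied out\n", demo_leaked(0, DEMO_PAGE));
    printf("after:  %zu stale bytes copied out\n", demo_leaked(1, DEMO_PAGE));
    return 0;
}
```

The same pattern is worth checking in review wherever a length passed to a copy-out routine derives from a caller-controlled size rather than from the size of the source object.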