blob: 4e8e37bd5d4ea1076489a6d9d8cf2eabf84fc243 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
Description: [disputed] infoleak in ioctl(SNDRV_COMPRESS_TSTAMP)
References:
http://source.android.com/security/bulletin/2016-08-01.html
https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=591b1f455c32206704cbcf426bb30911c260c33e
Notes:
jmm> Fixed in Android 3.10 kernel, but unfixed in Linux mainline
bwh> This doesn't make sense - there should be no padding in a
bwh> structure that has all 32-bit members, unless the natural
bwh> alignment is explicitly overridden. I consider this invalid.
bwh> Additionally, snd_compr_tstamp and all the other sound
bwh> compression related structures now have their alignment
bwh> explicitly set to 4 to avoid compat issues on i386/amd64.
Bugs:
upstream: N/A "Invalid"
4.9-upstream-stable: N/A "Invalid"
3.16-upstream-stable: N/A "Invalid"
3.2-upstream-stable: N/A "Supposedly vulnerable code not present"
sid: N/A "Invalid"
3.16-jessie-security: N/A "Invalid"
3.2-wheezy-security: N/A "Supposedly vulnerable code not present"
|