Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak - kernel/linux.git

diff options

author	Zhen Ni <zhen.ni@easystack.cn>	2025-09-28 09:37:37 +0300
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2025-10-15 13:00:24 +0300
commit	48c96b7e9e03516936d6deba54b5553097eae817 (patch)
tree	4ed8c111549f39b41a9af82bff8ffffcf0a1a5f0 /scripts/gdb/linux/interrupts.py
parent	2c988e1f9df01ab0ff7caa28ad5c08b2313cc40a (diff)
download	linux-48c96b7e9e03516936d6deba54b5553097eae817.tar.xz

Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak

commit d3366a04770eea807f2826cbdb96934dd8c9bf79 upstream. Struct ff_effect_compat is embedded twice inside uinput_ff_upload_compat, contains internal padding. In particular, there is a hole after struct ff_replay to satisfy alignment requirements for the following union member. Without clearing the structure, copy_to_user() may leak stack data to userspace. Initialize ff_up_compat to zero before filling valid fields. Fixes: 2d56f3a32c0e ("Input: refactor evdev 32bit compat to be shareable with uinput") Cc: stable@vger.kernel.org Signed-off-by: Zhen Ni <zhen.ni@easystack.cn> Link: https://lore.kernel.org/r/20250928063737.74590-1-zhen.ni@easystack.cn Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Diffstat (limited to 'scripts/gdb/linux/interrupts.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: