MNBSD-2016-13: Linux emulation TIOCGSERIAL ioctl kernel stack disclosure

Severity: Unknown

Affected Package: kernel

Summary: Linux emulation TIOCGSERIAL ioctl kernel stack disclosure

Description

The Linux compatibility layer's TIOCGSERIAL ioctl(2) implementation did not clear the output struct before copying it out to userland. An unprivileged user could read uninitialized kernel stack data that may contain sensitive information usable to aid privilege escalation. Only systems using the Linux binary compatibility layer are affected. Fixed in the 0.7.9 release.

Affected Versions

kernel

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases:

Published: May 31, 2016
Last Modified: May 31, 2016