[patch] hamradio/yam: fix info leak in ioctl


CVE CVE-2014-1446
Author Salva Peiró
Date November 2013 - Discovery of the vulnerability.
Impact The vulnerability discloses 4 bytes of kernel process stack.
Affected Versions From Linux-2.6.12-rc2 to linux-3.15-rc3
Bug Timespan 8.5 years: 2005-04-16 to 2013-11-17 commit 1da177e4

Infoleak Description

The yam_ioctl() code fails to initialise the cmd field of the struct yamdrv_ioctl_cfg. Add an explicit memset(0) before filling the structure to avoid the 4-byte info leak.

Fixing the Infoleak

The patches fixing the leak have been sent to the Linux Kernel: