Description of problem: http://lkml.org/lkml/2010/9/11/167 The TIOCGICOUNT device ioctl allows unprivileged users to read 9 bytes of uninitialized stack memory, because the "reserved" member of the serial_icounter_struct struct declared on the stack in hso_get_count() is not altered or zeroed before being copied back to the user. This patch takes care of it. Acknowledgements: Red Hat would like to thank Dan Rosenberg for reporting this issue.
Commit in David Miller's tree is 7011e660938fc44ed86319c18a5954e95a82ab3e
Statement: This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and 5, as they did not support USB Option High Speed Mobile Devices. This was addressed in Red Hat Enterprise Linux Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2010-0771.html.
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2011:0007 https://rhn.redhat.com/errata/RHSA-2011-0007.html