Description of problem:
The TIOCGICOUNT device ioctl allows unprivileged users to read 9 bytes of uninitialized stack memory, because the "reserved" member of the serial_icounter_struct struct declared on the stack in hso_get_count() is not altered or zeroed before being copied back to the user. This patch takes care of it.
Red Hat would like to thank Dan Rosenberg for reporting this issue.
Commit in David Miller's tree is
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and 5, as they did not support USB Option High Speed Mobile Devices. This was addressed in Red Hat Enterprise Linux Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2010-0771.html.
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Via RHSA-2011:0007 https://rhn.redhat.com/errata/RHSA-2011-0007.html