[PATCH 1/3] char/tpm: Fix uninitialized usage of data buffer
http://tpmdd.git.sourceforge.net/git/gitweb.cgi?p=tpmdd/tpmdd;a=commitdiff;h=459e0537ebb7b786cd29a26f4e41c721632cd840
infoleak

[PATCH 2/3] char/tpm: Call tpm_transmit with correct size
http://tpmdd.git.sourceforge.net/git/gitweb.cgi?p=tpmdd/tpmdd;a=commitdiff;h=f0bbed1ee49a4779dfb32159fea669ced8789336
infoleak

[PATCH 3/3] char/tpm: zero buffer after copying to userspace
http://tpmdd.git.sourceforge.net/git/gitweb.cgi?p=tpmdd/tpmdd;a=commitdiff;h=44480e4077cd782aa8f54eb472b292547f030520
prevents storing of previous result, leakage to other drivers

Acknowledgements:

Red Hat would like to thank Peter Huewe for reporting this issue.
As per: http://openwall.com/lists/oss-security/2011/03/15/13

> [PATCH 1/3] char/tpm: Fix uninitialized usage of data buffer
CVE-2011-1160

> [PATCH 2/3] char/tpm: Call tpm_transmit with correct size
CVE-2011-1161

> [PATCH 3/3] char/tpm: zero buffer after copying to userspace
CVE-2011-1162
I'm moving CVE-2011-1161/1162 into a separate bug as there is no official fix in the upstream kernel yet. See bug 732629.
This issue has been addressed in the following products:

MRG for RHEL-6 v.2

Via RHSA-2011:1253 https://rhn.redhat.com/errata/RHSA-2011-1253.html
Upstream commit: https://github.com/torvalds/linux/commit/1309d7afbed112f0e8e90be9af975550caa0076b
This issue has been addressed in the following products:

Red Hat Enterprise Linux 6

Via RHSA-2011:1350 https://rhn.redhat.com/errata/RHSA-2011-1350.html

This issue has been addressed in the following products:

Red Hat Enterprise Linux 5

Via RHSA-2011:1386 https://rhn.redhat.com/errata/RHSA-2011-1386.html
Created kernel tracking bugs for this issue

Affects: fedora-all [bug 748694]