Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 06 Jan 2011 16:38:53 +0800
From: Eugene Teo <eugene@...hat.com>
To: oss-security@...ts.openwall.com
CC: Greg KH <greg@...ah.com>, "Steven M. Christey" <coley@...us.mitre.org>,
        Greg KH <gregkh@...e.de>
Subject: Re: CVE-2010-4525 kvm: x86: zero kvm_vcpu_events->interrupt.pad
 infoleak

On 01/06/2011 04:16 AM, Greg KH wrote:
> On Wed, Jan 05, 2011 at 12:14:28PM +0800, Eugene Teo wrote:
>> In addition to CVE-2010-3881, some versions of the Linux kernel
>> forgot to initialize the kvm_vcpu_events.interrupt.pad field before
>> being copied to userspace. I have assigned CVE-2010-4525 to this. I
>> briefly checked, linux-2.6.33/34.y are affected, linux-2.6/.31/.32.y
>> are not.
>>
>> https://bugzilla.redhat.com/CVE-2010-4525
>
> Is there a fix for this in the upstream kernels?  How about kernels
> greater than .35?

The upstream kernel and .35.y onwards are not affected.

Thanks, Eugene

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ