Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sun, 2 Jun 2013 19:56:09 +0200
From: Marcus Meissner <>
To: OSS Security List <>
Subject: CVE Request: kernel info leak in tkill/tgkill


This small Linux kernel info leaks still needs a CVE I think.

Author: Emese Revfy <>
Date:   Wed Apr 17 15:58:36 2013 -0700

    kernel/signal.c: stop info leak via the tkill and the tgkill syscalls

    This fixes a kernel memory contents leak via the tkill and tgkill syscalls
    for compat processes.

    This is visible in the siginfo_t->_sifields._rt.si_sigval.sival_ptr field
    when handling signals delivered from tkill.

    The place of the infoleak:

    int copy_siginfo_to_user32(compat_siginfo_t __user *to, siginfo_t *from)
            put_user_ex(ptr_to_compat(from->si_ptr), &to->si_ptr);

    Signed-off-by: Emese Revfy <>
    Reviewed-by: PaX Team <>
    Signed-off-by: Kees Cook <>
    Cc: Al Viro <>
    Cc: Oleg Nesterov <>
    Cc: "Eric W. Biederman" <>
    Cc: Serge Hallyn <>
    Cc: <>
    Signed-off-by: Andrew Morton <>
    Signed-off-by: Linus Torvalds <>

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ