Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 04 Jun 2013 12:55:22 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Marcus Meissner <meissner@...e.de>
Subject: Re: CVE Request: kernel info leak in tkill/tgkill

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/02/2013 11:56 AM, Marcus Meissner wrote:
> Hi,
> 
> This small Linux kernel info leaks still needs a CVE I think.
> 
> b9e146d8eb3b9ecae5086d373b50fa0c1f3e7f0f Author: Emese Revfy
> <re.emese@...il.com> Date:   Wed Apr 17 15:58:36 2013 -0700
> 
> kernel/signal.c: stop info leak via the tkill and the tgkill
> syscalls
> 
> This fixes a kernel memory contents leak via the tkill and tgkill
> syscalls for compat processes.
> 
> This is visible in the siginfo_t->_sifields._rt.si_sigval.sival_ptr
> field when handling signals delivered from tkill.
> 
> The place of the infoleak:
> 
> int copy_siginfo_to_user32(compat_siginfo_t __user *to, siginfo_t
> *from) { ... put_user_ex(ptr_to_compat(from->si_ptr),
> &to->si_ptr); ... }
> 
> Signed-off-by: Emese Revfy <re.emese@...il.com> Reviewed-by: PaX
> Team <pageexec@...email.hu> Signed-off-by: Kees Cook
> <keescook@...omium.org> Cc: Al Viro <viro@...iv.linux.org.uk> Cc:
> Oleg Nesterov <oleg@...hat.com> Cc: "Eric W. Biederman"
> <ebiederm@...ssion.com> Cc: Serge Hallyn
> <serge.hallyn@...onical.com> Cc: <stable@...r.kernel.org> 
> Signed-off-by: Andrew Morton <akpm@...ux-foundation.org> 
> Signed-off-by: Linus Torvalds <torvalds@...ux-foundation.org>

Please use CVE-2013-2141 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRrjgZAAoJEBYNRVNeJnmTOQ8P/jy1ODjXitITR3jB1DZtX1yn
PRczwTvDTxDxypF5GMzFmvHYMyRvgMiN8P1XVz5yjEWdrvJRF0uV3S1+yx75GSxJ
BuBT86Vzq8HZ0CAoVpbZlJYpA/NSoWmRjepMhh0KnA9V4LJiWBDf1aZ+z2utPngR
mthyNxm4oI2+sPL1VvEsstBLhiimtTq6lzgb9looSzOnwsw43ybE/BJVZLuYNI9t
bDjIpdYw6AuEsXRBuXHQlQqVD9Qj+Wkx3ZN+jSbQnoYQ4XXINQkp52YcIN0lV4Rm
6Q8bkvTcPipJnvGzXSoXiCReXLAGDDgQmcG+YY+krQNIyq8N4ZiNHyGb5O/XFjUx
Euh41qLi000oeyUAbLWUSO3dIzwtkw1upEl22hmm0wtKJid5HpT1drn0gZXPRDm8
qPgGsaZqtI04E4CiWjJI24/wVhowb/b7TRfpNw15dd3dzV3EJR5zVawZfMZ/vD9l
J1+ydHLr3DVNjoky2wvljlaEHscyBOwLOPs0bHCBGoy/ajSo6Lxa9h0bl4m4DK1+
lzjgACZojblSEhw+usnl5HGCLzexvTn1fKMfBsjN9gj8SL6y4Qr4a/mUioUtwRHw
DMHZzzkJgl3xLq8V+easanK/re0PU4FAiLBr5JkTo18jZnbonit5chPEmP5veON6
txtIdd2HmtInUbllfSIn
=alVA
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ