Date: Thu, 20 Feb 2014 15:04:11 +0530 (IST) From: P J P <ppandit@...hat.com> To: oss security list <oss-security@...ts.openwall.com> Subject: CVE request: Linux kernel: nfs: information leakage Hello, Linux kernel build with the NFS file system(CONFIG_NFS_FS) along with the support for NFSv4 protocol(CONFIG_NFS_V4) is vulnerable to an information leakage flaw. It could occur while writing to a file wherein NFS server has offered write delegation to the client. Such delegation allows NFS client to perform the said operation locally without instant interaction with the server. A user/program could use this flaw to leak kernel memory bytes. Upstream fix: ------------- -> https://git.kernel.org/linus/263b4509ec4d47e0da3e753f85a39ea12d1eff24 Reference: ---------- -> https://bugzilla.redhat.com/show_bug.cgi?id=1067341 Thank you. -- Prasad J Pandit / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ