Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 11 Jun 2014 15:15:58 -0400 (EDT)
From: cve-assign@...re.org
To: jmm@...ian.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: Linux kernel / target information leak

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> an information leak in the rd_mcp backend of the iSCSI target
> subsystem in the Linux kernel

> Introduced in 2.6.38 and fixed in 3.14 with
> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc

> add explicit memset of pages within rd_allocate_sgl_table() based upon
> passed 'init_payload' value.

Use CVE-2014-4027.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTmKpOAAoJEKllVAevmvmsdVsH/RjQUYnVK0zKr7JoC1lSm4MD
fQTujx/hCWPFO4LCl1U9N81qAcX/oFUdsoEE0FC0IFnvZ7HEcczatOdX/ciYLX/y
onVmwxNYtINWDe5EZtDjS5JvJNdd/e5PEGTLFBhRX3AQSei7VzAhyYlvJIe9SqdC
madRM9T5VEhr0mXT9Jr+cS1IppLPrzjnouMr+oHQ1Fztq6EngjWHNpoTqX5nv3QJ
U5qILrscWU6VtnJILoj+EycvqnoXoS24ajNIEuD2PeIpQ5jJcABdBrR6b9ZpCYU7
B61ihNP0xa2yzQC+DGX5q/+i5jy9mX3/lJZQzlqB7IZyQaTO9nLFf9CSchNvIok=
=9yK1
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ