Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 28 Jul 2015 10:40:37 +0200
From: Benjamin Randazzo <benjamin@...dazzo.fr>
To: oss-security@...ts.openwall.com
Subject: CVE request: Linux kernel - information leak in md driver

Hello,

In the md driver of the Linux kernel it’s possible to request a bitmap file for a device, but when bitmap is disabled only the first byte of the buffer is initialized to zero, and then it is copied in user space. This results in an information leak.

The patch for this issue was applied and committed in linux-next :
http://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/?id=77ba0569d4c8389c0a2162ab0c7c16a6f3b199e4 <http://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/?id=77ba0569d4c8389c0a2162ab0c7c16a6f3b199e4>
(+ merged: http://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/?id=348470064e7c42cb08f1c9d6e9f0a7d2865b3b79 <http://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/?id=348470064e7c42cb08f1c9d6e9f0a7d2865b3b79>)

Could you please generate a CVE id for this?

Thanks.

Benjamin Randazzo

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ