Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 29 Jul 2015 08:42:07 -0400 (EDT)
From: cve-assign@...re.org
To: benjamin@...dazzo.fr
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: Linux kernel - information leak in md driver

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> http://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/?id=77ba0569d4c8389c0a2162ab0c7c16a6f3b199e4
> 
> copy_to_user(arg, file, sizeof(*file))
> 
> But if bitmap is disabled only the first byte of "file" is initialized
> with zero, so it's possible to read some bytes (up to 4095) of kernel
> space memory from user space. This is an information leak.

Use CVE-2015-5697.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJVuMluAAoJEKllVAevmvmskpAH/A1Dle9yejWQdgy/N6rIdg7h
i1no4dsolizpN4guZdu0gLpGstSJFWsc+fFD5eAuNLh0+fYNI8nCPFRBbBDShS7f
v3Fsniw+WX6J4Tqk61AS19OwX2Zo7TNctllbqyios7omfb52Jaf6aYamEZIOotfJ
v9WtiHSzOHD2d/2dY5JiBxO40lmJL6hsl1QzIYJqKF64I8IZ/cgYYcF0fVhE4Dk7
G7TEIm5kf0dx1JoGcI0rINPo3un20zFzcpnfl7PbAdDwc7qUzW/QfrpnF1K4b6gU
FeB5fswttGrehaVYd82DcSR39hJjWZlkM4lPCwyGCt58TsHb7AVYuwC8AcsHcSM=
=MXkB
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ