Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 21 Oct 2015 12:07:25 +0200
From: Salva Peiró <speirofr@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVE Request: Linux Kernel ioctl infoleaks on vivid-osd and dgnc

Hello,

Are there CVEs for these? If not, could these be assigned, please?

   
http://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/?id=eda98796aff0d9bf41094b06811f5def3b4c333c
    media/vivid-osd: fix info leak in ioctl

        [media] media/vivid-osd: fix info leak in ioctl
        The vivid_fb_ioctl() code fails to initialize the 16 _reserved
bytes of
        struct fb_vblank after the ->hcount member. Add an explicit
        memset(0) before filling the structure to avoid the info leak.

   
http://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/?id=4b6184336ebb5c8dc1eae7f7ab46ee608a748b05
    staging/dgnc: fix info leak in ioctl

        The dgnc_mgmt_ioctl() code fails to initialize the 16 _reserved
bytes of
        struct digi_dinfo after the ->dinfo_nboards member. Add an explicit
        memset(0) before filling the structure to avoid the info leak.

--
Salva Peiró @ https://speirofr.appspot.com
CS Researcher & Software Engineer
Universitat Politècnica de València, Spain.


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ