Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 21 Oct 2015 17:49:27 -0400 (EDT)
From: cve-assign@...re.org
To: speirofr@...il.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE Request: Linux Kernel ioctl infoleaks on vivid-osd and dgnc

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

>  * vivid-osd.c - osd support for testing overlays.
>  *
>  * Copyright 2014 Cisco Systems, Inc.
> 
> http://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/?id=eda98796aff0d9bf41094b06811f5def3b4c333c
> fails to initialize the 16 _reserved bytes of struct fb_vblank

Use CVE-2015-7884.


>  * Copyright 2003 Digi International (www.digi.com)
>  * This file implements the mgmt functionality for the
>  * Neo and ClassicBoard based product lines.
> http://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/?id=4b6184336ebb5c8dc1eae7f7ab46ee608a748b05
> fails to initialize the 16 _reserved bytes of struct digi_dinfo

Use CVE-2015-7885.


(These are similar types of issues located in unrelated files that
presumably were introduced into the Linux kernel at different points
in the past. The code that has the missing memset lines is also
included in downloads such as
https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.2.3.tar.xz.)

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWKAb4AAoJEL54rhJi8gl5bgsQAMParW1DV8nkU5UruaCVBSL2
TcBRj0LK/tt5NbPdp2XmA1iDVVS36F99kgFB3QkTqUMW8jtHdoFhyZJ8zaMgDEd1
h7e0Xv2S5Nh9gY72y18JCP2X7YMyAjgiL8VpnsKm2YBRxi+K9IByz7/hF1h6zZWj
N2+pVK7vuQdkFvdVICBMdFxM9M0ETYrKNg+R0HU17aFKSvnh1WvyYk2lY8CPWTYh
VmDV8U3xU6CYE0ZUbgbmaoKGU7Q6JsqoZ1lGzW+ic9q/g2ccvEjcid38WDBlSKUD
TLztqx1B7eDkdb/CuSpuxDEkYhNAVwH3UlPft3wRx0zzXFSUGfD+FBO13MLvQtLY
3i9l1zlupXKH79A+uvDMhK6oNqLcSZeqNB+EoCYD0FPjzy0LmShVEcGsejrYgnOx
/7XY/l1yvkhkyxeisrGLQuO6+XteI+9AWC+DMJa2aB7Ce25Mpo4sf4W6apLNGfZu
rRxA1vKLiDYJgApXgzpL/1G3/0aYMXKMbqS8dwuQ5wzFZXrZg92kI6F/qsU7jVAB
n0iZeAkDJETavV50Ie8fzwNmM9v34v+2N2E9Eo3QQYrDZS++sWRzozx4UO2f1r/2
yfQgK+4jINpA6mvE231lzULWKb57sh6oEHSUZ+HeVPog/w+dmGD/lJ5AMm+W3PPW
QK2Q/TS+rGKeY/pKIzjl
=zgZN
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ