Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 15 Dec 2015 15:30:02 +0100
From: Marcus Meissner <meissner@...e.de>
To: OSS Security List <oss-security@...ts.openwall.com>
Subject: CVE Request: Linux Kernel: information leak from getsockname

Hi,

spotted by grsecurity
https://twitter.com/grsecurity/status/676744240802750464

https://lkml.org/lkml/2015/12/14/252
http://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=09ccfd238e5a0e670d8178cf50180ea81ae09ae1

getsockname() for some socket families did not check the length of the passed sockaddr,
copying out more kernel memory than required, leaking information from the kernel stack,
including kernel addresses. This can be used for KASLR bypass or other information leaks. 

Ciao, Marcus

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.