Date: Wed, 16 Dec 2015 12:44:30 +0100
From: Marcus Meissner <meissner@...e.de>
To: oss-security@...ts.openwall.com, cve-assign@...re.org
Cc: cve-assign@...re.org
Subject: Re: Re: CVE Request: Linux Kernel: information leak from getsockname

On Tue, Dec 15, 2015 at 01:15:07PM -0500, cve-assign@...re.org wrote:
> > http://twitter.com/grsecurity/statuses/676744240802750464
> > https://lkml.org/lkml/2015/12/14/252
> > http://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=09ccfd238e5a0e670d8178cf50180ea81ae09ae1
> > (not yet available at
> > http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/drivers/net/ppp/pptp.c)
>
> > getsockname() for some socket families did not check the length of the passed sockaddr,
> > copying out more kernel memory than required, leaking information from the kernel stack,
> > including kernel addresses. This can be used for KASLR bypass or other information leaks.
>
> Use CVE-2015-8569 for both the pptp_bind issue and the pptp_connect
> issue. (We don't know whether the pptp_connect issue would've been
> exploitable if only the pptp_bind issue were fixed.)

The netdev team has added more fixes very similar to that.

Could we merge them with this CVE?

http://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=5233252fce714053f0151680933571a2da9cbfb4
in bluetooth/sco

Ciao, Marcus
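The bug class the thread is about, as an added user-space model (this is example code written for this page, not the kernel's code and not part of the thread). It mimics the shape of the pptp path: the syscall layer copies exactly the caller-supplied number of address bytes into an on-stack buffer, the protocol's bind handler then reads a full struct out of that buffer without consulting the length, and a later getsockname() returns the stored address, stale stack bytes included. The struct layouts, the AF_PPPOX/PX_PROTO_PPTP values and the STALE_BYTE pre-fill (standing in for whatever an earlier syscall left on the kernel stack) are constructed for the demonstration; the hardened variant follows the referenced netdev commit's approach of checking sockaddr_len against the struct size before using the address.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed stand-ins for the kernel's types: same general layout
 * (family, protocol, protocol-specific address), not the real definitions.
 */
struct pptp_addr {
    uint16_t call_id;
    uint32_t sin_addr;          /* IPv4 address, network byte order */
};

struct sockaddr_pptp {
    uint16_t sa_family;         /* AF_PPPOX */
    uint16_t sa_protocol;       /* PX_PROTO_PPTP */
    struct pptp_addr sa_addr;   /* offset 4, 8 bytes including padding */
};

struct pptp_sock {
    struct pptp_addr src_addr;  /* what getsockname() later hands back */
};

#define STACK_SLOT 128          /* on-stack sockaddr_storage stand-in */
#define STALE_BYTE 0xAA         /* marker for leftover kernel stack contents */

typedef int (*bind_fn)(struct pptp_sock *, const void *, int);

/*
 * Analogue of the syscall layer copying the user address into a stack slot:
 * exactly addr_len bytes arrive from the caller, everything past that keeps
 * whatever was on the stack before (modelled by pre-filling with STALE_BYTE).
 */
static int copy_addr_in(unsigned char kaddr[STACK_SLOT], const void *uaddr, int addr_len)
{
    if (addr_len < 0 || addr_len > STACK_SLOT)
        return -EINVAL;
    memset(kaddr, STALE_BYTE, STACK_SLOT);
    memcpy(kaddr, uaddr, (size_t)addr_len);
    return 0;
}

/* Vulnerable shape: trusts the struct size and never looks at addr_len. */
static int pptp_bind_vuln(struct pptp_sock *po, const void *uaddr, int addr_len)
{
    unsigned char kaddr[STACK_SLOT];
    const struct sockaddr_pptp *sp = (const struct sockaddr_pptp *)kaddr;
    int err = copy_addr_in(kaddr, uaddr, addr_len);
    if (err)
        return err;
    /* BUG: reads all of sp->sa_addr even when the caller supplied fewer bytes */
    memcpy(&po->src_addr, &sp->sa_addr, sizeof po->src_addr);
    return 0;
}

/* Fixed shape: reject an address shorter than the struct before touching it. */
static int pptp_bind_fixed(struct pptp_sock *po, const void *uaddr, int addr_len)
{
    if (addr_len < (int)sizeof(struct sockaddr_pptp))
        return -EINVAL;
    return pptp_bind_vuln(po, uaddr, addr_len);
}

/* getsockname() analogue: copies the stored address back to the caller. */
static void pptp_getname(const struct pptp_sock *po, struct sockaddr_pptp *out)
{
    memset(out, 0, sizeof *out);
    out->sa_family = 24;    /* AF_PPPOX */
    out->sa_protocol = 2;   /* PX_PROTO_PPTP */
    memcpy(&out->sa_addr, &po->src_addr, sizeof out->sa_addr);
}

/*
 * Bind with a zero-filled address truncated to addr_len bytes, read it back
 * through getsockname(), and count address bytes that carry the stale marker
 * (the caller's buffer is all zeros, so any 0xAA byte came from the "stack").
 * Returns -1 when bind() refuses the request.
 */
static int leaked_bytes(bind_fn do_bind, int addr_len)
{
    struct sockaddr_pptp user_addr = { .sa_family = 24, .sa_protocol = 2 };
    struct sockaddr_pptp out;
    struct pptp_sock po;
    const unsigned char *p = (const unsigned char *)&out.sa_addr;
    int n = 0;

    if (addr_len < 0 || addr_len > (int)sizeof user_addr)
        return -1;          /* keep the model itself in bounds */
    memset(&po, 0, sizeof po);
    if (do_bind(&po, &user_addr, addr_len) < 0)
        return -1;
    pptp_getname(&po, &out);
    for (size_t i = 0; i < sizeof out.sa_addr; i++)
        if (p[i] == STALE_BYTE)
            n++;
    return n;
}

int main(void)
{
    int shortlen = 4;       /* family + protocol only, no address bytes */
    int fulllen = (int)sizeof(struct sockaddr_pptp);

    printf("vulnerable, %2d-byte addr: %d stale bytes returned\n", shortlen, leaked_bytes(pptp_bind_vuln, shortlen));
    printf("fixed,      %2d-byte addr: %d (bind rejected)\n", shortlen, leaked_bytes(pptp_bind_fixed, shortlen));
    printf("fixed,      %2d-byte addr: %d stale bytes returned\n", fulllen, leaked_bytes(pptp_bind_fixed, fulllen));
    return 0;
}
```

With a 4-byte address the vulnerable bind stores eight bytes that the caller never supplied, and getsockname() hands all eight back; the same check pattern (compare the supplied length against the address struct before reading it) is what the bluetooth/sco commit applies to its own bind handler.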