Date: Wed, 16 Dec 2015 12:44:30 +0100
From: Marcus Meissner <>
Subject: Re: Re: CVE Request: Linux Kernel: information leak
 from getsockname

On Tue, Dec 15, 2015 at 01:15:07PM -0500, wrote:
> (not yet available at
> > getsockname() for some socket families did not check the length of the passed sockaddr,
> > copying out more kernel memory than required, leaking information from the kernel stack,
> > including kernel addresses. This can be used for KASLR bypass or other information leaks.
> Use CVE-2015-8569 for both the pptp_bind issue and the pptp_connect
> issue. (We don't know whether the pptp_connect issue would've been
> exploitable if only the pptp_bind issue were fixed.)

The netdev team has added more fixes very similar to that. Could we merge them with this CVE?

in bluetooth/sco

Ciao, Marcus
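
Added example, not part of the thread and not kernel code: a user-space C model of the missing length check described in the quoted report, next to the hardened form. The structure, function names and the 0xAA marker are hypothetical, and the model assumes the caller's short address lands in an on-stack buffer whose remaining bytes are stale.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xAA /* constructed stand-in for leftover kernel stack bytes */
/* Hypothetical 16-byte address; real per-family structures differ. */
struct model_addr { unsigned short family; unsigned char data[14]; };
struct model_sock { struct model_addr bound; };

/* Socket-layer model: only addr_len caller bytes reach the stack buffer. */
static void copy_in(struct model_addr *kbuf, const void *uaddr, size_t addr_len)
{
    memset(kbuf, STALE, sizeof(*kbuf));
    memcpy(kbuf, uaddr, addr_len < sizeof(*kbuf) ? addr_len : sizeof(*kbuf));
}

/* Flawed pattern: stores the full structure without checking addr_len. */
int bind_unchecked(struct model_sock *sk, const void *uaddr, size_t addr_len)
{
    struct model_addr kbuf;
    copy_in(&kbuf, uaddr, addr_len);
    sk->bound = kbuf;
    return 0;
}

/* Hardened pattern: reject a short address before using it. */
int bind_checked(struct model_sock *sk, const void *uaddr, size_t addr_len)
{
    if (addr_len < sizeof(struct model_addr))
        return -EINVAL;
    return bind_unchecked(sk, uaddr, addr_len);
}

/* getsockname model: count returned bytes the caller never supplied. */
size_t stale_bytes_returned(const struct model_sock *sk)
{
    const unsigned char *p = (const unsigned char *)&sk->bound;
    size_t i, n = 0;
    for (i = 0; i < sizeof(sk->bound); i++)
        n += (p[i] == STALE);
    return n;
}

int main(void)
{
    struct model_sock sk = {0};
    unsigned short family = 24; /* constructed 2-byte "address" */
    bind_unchecked(&sk, &family, sizeof(family));
    printf("stale bytes returned: %zu\n", stale_bytes_returned(&sk));
}
```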
