Date: Wed, 16 Dec 2015 12:44:30 +0100
From: Marcus Meissner <meissner@...e.de>
To: oss-security@...ts.openwall.com, cve-assign@...re.org
Cc: cve-assign@...re.org
Subject: Re: Re: CVE Request: Linux Kernel: information leak from getsockname

On Tue, Dec 15, 2015 at 01:15:07PM -0500, cve-assign@...re.org wrote:
> > http://twitter.com/grsecurity/statuses/676744240802750464
> > https://lkml.org/lkml/2015/12/14/252
> > http://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=09ccfd238e5a0e670d8178cf50180ea81ae09ae1
> 
> (not yet available at
> http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/drivers/net/ppp/pptp.c)
> 
> > getsockname() for some socket families did not check the length of the passed sockaddr,
> > copying out more kernel memory than required, leaking information from the kernel stack,
> > including kernel addresses. This can be used for KASLR bypass or other information leaks.
> 
> Use CVE-2015-8569 for both the pptp_bind issue and the pptp_connect
> issue. (We don't know whether the pptp_connect issue would've been
> exploitable if only the pptp_bind issue were fixed.)

The netdev team has added more fixes very similar to that. Could we merge them with this CVE?

http://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=5233252fce714053f0151680933571a2da9cbfb4

in bluetooth/sco

Ciao, Marcus
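As an added illustration of the mechanism described in the quoted request (not code from the kernel, the cited commits or this thread), the following userspace C model shows why an address-length check in a bind() handler matters: when the handler accepts a sockaddr shorter than its protocol's address struct, the unsupplied tail of the stored address is whatever the kernel-side buffer already held, and a later getsockname() copies that tail back to the caller. All names here (toy_sockaddr, bind_unchecked, bind_checked, getsockname_model, count_stale_bytes) are constructed for the example; the 0xAA fill stands in for stale stack contents and the -1 return stands in for the kernel's -EINVAL.

```c
/* Added example: userspace model of an address-length check in a bind()
 * handler and of what getsockname() returns without it. Not kernel code. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy protocol address, standing in for a kernel sockaddr_* struct (16 bytes). */
struct toy_sockaddr {
    uint16_t family;
    uint8_t  addr[14];
};

/* Per-socket state: the address bind() stores and getsockname() copies out. */
struct toy_sock {
    struct toy_sockaddr saved;
};

/* Models the generic socket path: only addr_len bytes of the caller's
 * sockaddr are copied into a kernel-side buffer; the rest of that buffer
 * keeps whatever it held before. The 0xAA fill makes those bytes visible. */
static void copy_from_user_model(struct toy_sockaddr *kbuf,
                                 const void *uaddr, size_t addr_len)
{
    memset(kbuf, 0xAA, sizeof(*kbuf));   /* stands in for stale stack bytes */
    memcpy(kbuf, uaddr, addr_len);
}

/* Unchecked bind: stores the whole struct no matter how short addr_len is. */
int bind_unchecked(struct toy_sock *sk, const void *uaddr, size_t addr_len)
{
    struct toy_sockaddr kaddr;
    copy_from_user_model(&kaddr, uaddr, addr_len);
    memcpy(&sk->saved, &kaddr, sizeof(kaddr));
    return 0;
}

/* Checked bind: rejects a sockaddr shorter than the protocol's address struct,
 * so nothing partially initialised is ever stored. */
int bind_checked(struct toy_sock *sk, const void *uaddr, size_t addr_len)
{
    struct toy_sockaddr kaddr;
    if (addr_len < sizeof(struct toy_sockaddr))
        return -1;                        /* the kernel returns -EINVAL here */
    copy_from_user_model(&kaddr, uaddr, addr_len);
    memcpy(&sk->saved, &kaddr, sizeof(kaddr));
    return 0;
}

/* getsockname: copies the stored address back to the caller. */
size_t getsockname_model(const struct toy_sock *sk, struct toy_sockaddr *out)
{
    memcpy(out, &sk->saved, sizeof(*out));
    return sizeof(*out);
}

/* Binds with a caller-supplied sockaddr of short_len bytes (all 0x11, a
 * constructed value), then counts how many bytes getsockname() returns that
 * the caller never supplied. A rejected bind stores nothing, so it counts 0. */
size_t count_stale_bytes(int (*bind_fn)(struct toy_sock *, const void *, size_t),
                         size_t short_len)
{
    struct toy_sock sk;
    struct toy_sockaddr out;
    uint8_t user_addr[sizeof(struct toy_sockaddr)];
    size_t stale = 0;
    const uint8_t *p = (const uint8_t *)&out;

    memset(user_addr, 0x11, sizeof(user_addr));
    memset(&sk, 0, sizeof(sk));
    if (bind_fn(&sk, user_addr, short_len) != 0)
        return 0;
    getsockname_model(&sk, &out);
    for (size_t i = 0; i < sizeof(out); i++)
        if (p[i] == 0xAA)
            stale++;
    return stale;
}

int main(void)
{
    printf("unchecked bind, 2-byte sockaddr: %zu unsupplied bytes returned\n",
           count_stale_bytes(bind_unchecked, 2));
    printf("checked bind,   2-byte sockaddr: %zu unsupplied bytes returned\n",
           count_stale_bytes(bind_checked, 2));
    return 0;
}
```

The check is the same shape as a `sockaddr_len < sizeof(struct sockaddr_xxx)` test at the top of a protocol's bind or connect handler; what the model adds is a way to see, per byte, how much of the returned address came from the caller and how much did not. When reviewing a new socket family, the two places to look are exactly these: the length test before the address is stored, and whether the stored struct is fully written (or zeroed) before getsockname() can return it.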
