Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed,  4 May 2016 01:28:40 -0400 (EDT)
From: cve-assign@...re.org
To: kangjielu@...il.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, taesoo@...ech.edu, csong84@...ech.edu, insu@...ech.edu
Subject: Re: CVE Request: information leak in devio of Linux kernel

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> In the USB module (drivers/usb/core/devio.c), The stack object "ci" has a
> total
> size of 8 bytes. Its last 3 bytes are padding bytes which are not
> initialized and
> leaked to userland
> 
> http://www.spinics.net/lists/linux-usb/msg140243.html
> 
> https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/log/drivers/usb/core/devio.c
> (not yet there; probably soon)

Use CVE-2016-4482.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXKYeVAAoJEHb/MwWLVhi2HVgP/1PZ63KIkqDmy/qRT0FjYG13
L5SvXGvwD/uo9GEf5Ml27JTEnJ3GAGno0Rvo8x44739X4KJijhoJYiqhxg2gmakM
aXtuCjLVry5RBak+VZbclmKIIei+WNuPIhzBJ9PGIP0hxmMJtXgGxq41HZGJbQYj
RzrQlJcmu7TixXCpPwxPFP+APMQaiB7i8M4x+lNfBSDs42eeqBlJJdCP7OCk3Bw/
ROHI9+UaUko5tbvL/sFQoiA/53BKW2/iGT+X9belfRc93guZibKmlBxtgw3TKnKH
MTSGnHiPmkGGcQU8R3QEiBdFvUuPeJvlkSjP3sLW4oYm+MC+HcJX2u90uYzzb0xJ
EW/9jq4gt9X8UNRRGZEAaJTw/lSYocDWB7pF7DVEu1Gxuv7pQlUNtwvu3PAFRJfF
ulVqU8Cp9S/rOEoAIxSoaUbH8mHSVFwo9sASn1KIeMZzHkjZs2wvLu8MMW2g8R2j
Oj+lgNmGAqw4AUXY9GlqG0Z6CUMxZRWUoGyeLKceDK2dlQv390YgZOoeWvbONU1N
DC6qV9F/i+EYwWgS8LN1m6Kly0nPRsH0COPfZA8+APoVvtetBMMgDCG93sGbE12j
SEI/tu19i118D3Nq1kQWhXQh1xpsgKy+X9gMxWJAbHuzdYX5Jwn0wJqctEXjNVaz
Plv7PbXJ7DAoP8bNb/Ry
=3AUJ
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ