Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sun, 8 May 2016 18:16:50 -0400
From: Kangjie Lu <>
To:, Chengyu Song <>, 
	Insu Yun <>, Taesoo Kim <>
Subject: CVE Request: kernel information leak vulnerability in Linux sound module


In file sound/core/timer.c of the latest mainline Linux kernel, the stack
object “tread” has a total size of 32 bytes. It contains a 8-bytes padding,
which is not initialized but sent to user via copy_to_user, resulting a
kernel leak.

Fix info:

Please help assign a CVE to this vulnerability.

Kangjie Lu

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ