Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon,  9 May 2016 19:29:09 -0400 (EDT)
From: cve-assign@...re.org
To: kangjielu@...il.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, csong84@...ech.edu, insu@...ech.edu, taesoo@...ech.edu
Subject: Re: CVE Request: kernel information leak vulnerability in Linux sound module

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> http://comments.gmane.org/gmane.linux.kernel/2214250
> 
> The stack object "tread" has a total size of 32 bytes. Its field
> "event" and "val" both contain 4 bytes padding. These 8 bytes
> padding bytes are sent to user without being initialized.

Use CVE-2016-4569.

This is not yet available at
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/sound/core/timer.c
but may be there later.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXMRzFAAoJEHb/MwWLVhi2mMAP/3G1B/9smkpGJB5/VGfvpifs
Nzkd+Jy6CHSi+Q0A91h1YdTrLwtFQMffVo0keZd8gYarApxSpA8qiRVK1sc3bsZ6
Um9NW+4dVLjUZ+RjQ0RjDMjKWbTHFyzZC8Z8DiY8ZXMzpY4UaylEVP9auSCUXvmq
4p8guXW+6PdoaDarFqTVW/fpSfk2gHFxbkWZ602xUdXTn8ZGkItv25dvtVgp21IP
zOfaZmZG+yPjOPCMEQNm3TcuJ7jFeq/KpsuLmtyY/EOBUNqZpRtJBtEPTMMkxlNZ
BaDuV1SrJsXu7ZDsfdz+Yx+57Wa/gDkOsVnFlJyTR6NOrtJfjwJG+dYZYAA0bg4N
KliqQTCOhGGkPGOB52zRg9UYg+7d/dEqcL2oP6Xuvr74aY1CZepbD+zDMkympXuQ
Wu93c5Hh05g3xOwNj+90s3u8DQ0sDJlfizUXWbStEmBJNwno6y/HjSVJqs/vjZWk
ERyWZd4vkVGbt4rBoTCNdxUi+V1k04xQGM6dF1XUSQd4rhQ0HJKRva10ac90JVSx
pt/KPWxL89MxWLOmHP5VdIHFoQyFre4a4fOzFMovixB0RJsm5/iZ3lAKPc0RKsu6
ZgtaujTVAkMAtFM0tfCybSI++JEsYIMV5Rr9cNkSYSVZYKbn0A+i+mH3luREBJyF
6rS0YTVBB5kAR9DgUc2n
=I4nm
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ