Date: Wed, 11 May 2016 08:52:16 +0200 From: Takashi Iwai <tiwai@...e.de> To: oss-security@...ts.openwall.com Cc: Kangjie Lu <kangjielu@...il.com>, Chengyu Song <csong84@...ech.edu>, Insu Yun <insu@...ech.edu>, Taesoo Kim <taesoo@...ech.edu> Subject: Re: CVE Request: alsa: kernel information leak vulnerability in Linux sound/core/timer On Tue, 10 May 2016 21:27:58 +0200, Kangjie Lu wrote: > > Hello, > > In function snd_timer_user_ccallback() of file sound/core/timer.c, > the stack object “r1” has a total size of 32 bytes. Its field “event” and > “val” both > contain 4 bytes padding. These 8 bytes padding bytes are sent to user > without > being initialized. > > Fix info: > https://git.kernel.org/cgit/linux/kernel/git/tiwai/sound.git/commit/?h=for-next&id=9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6 > Patch has been applied: http://comments.gmane.org/gmane.linux.kernel/2214250 > > Please help assign a CVE to this vulnerability. Maybe we can fold all three similar bugs in sound/core/timer.c into the existing CVE-2016-4569? In my sound.git tree, cec8f96e49d9be372fdb0c3836dcf31ec71e457e ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS 9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6 ALSA: timer: Fix leak in events via snd_timer_user_ccallback e4ec8cc8039a7063e24204299b462bd1383184a5 ALSA: timer: Fix leak in events via snd_timer_user_tinterrupt BTW, at the next time, *please* put the upstream maintainer into the loop... Takashi
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ