Date: Fri, 3 Jun 2016 15:26:24 +0200 From: Kangjie Lu <kangjielu@...il.com> To: oss-security@...ts.openwall.com Cc: Taesoo Kim <taesoo@...ech.edu>, Chengyu Song <csong84@...ech.edu> Subject: CVE Request: tipc: an infoleak in tipc_nl_compat_link_dump Hello, In function tipc_nl_compat_link_dump of file net/tipc/netlink_compat.c, link_info.str is a char array of size 60. Memory after the NULL byte is not initialized. Sending the whole object out can cause a leak of sensitive info in kernel stack. Fix info: https://patchwork.ozlabs.org/patch/629100/ Please help assign a CVE to this vulnerability. Thanks, Kangjie Lu
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ