Date: Fri, 3 Jun 2016 15:30:02 +0200 From: Kangjie Lu <kangjielu@...il.com> To: oss-security@...ts.openwall.com Cc: Taesoo Kim <taesoo@...ech.edu>, Chengyu Song <csong84@...ech.edu> Subject: CVE Request: rds: fix an infoleak in rds_inc_info_copy Hello, There was an infoleak vulnerability in function rds_inc_info_copy of file net/rds/recv.c. The last field "flags" of object "minfo" is not initialized. Copying this object out may leak kernel stack data. Assign 0 to it to avoid leak. Fix info: https://patchwork.ozlabs.org/patch/629110/ Please help assign a CVE to this vulnerability. Thanks, Kangjie Lu
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ