Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 3 Nov 2016 12:44:32 +0800
From: Shawn <citypw@...il.com>
To: oss-security@...ts.openwall.com, cve-assign@...re.org
Subject: kernel: fix minor infoleak in get_user_ex()

Hi guys,

I suppose this bug should get a CVE number.

Info:
get_user_ex(x, ptr) should zero x on failure. It's not a lot of a leak
(at most we are leaking uninitialized 64bit value off the kernel
stack, and in a fairly constrained situation, at that), but the fix is
trivial, so... Cc: stable@...r.kernel.org Signed-off-by: Al Viro
<viro@...iv.linux.org.uk> [ This sat in different branch from the
uaccess fixes since mid-August ] Signed-off-by: Linus Torvalds
<torvalds@...ux-foundation.org>

Upstream fix:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1c109fabbd51863475cd12ac206bdd249aee35af

Impact:

According to Spender:

https://lwn.net/Articles/705264/

Mitigation:

PaX/Grsecurity's KERNEXEC/UDEREF
SMEP

-- 
GNU powered it...
GPL protect it...
God blessing it...

regards
Shawn

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ