Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 4 Nov 2016 03:08:48 -0400
From: <cve-assign@...re.org>
To: <citypw@...il.com>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>
Subject: Re: kernel: fix minor infoleak in get_user_ex()

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> get_user_ex(x, ptr) should zero x on failure. It's not a lot of a leak
> (at most we are leaking uninitialized 64bit value off the kernel
> stack, and in a fairly constrained situation
> 
> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1c109fabbd51863475cd12ac206bdd249aee35af
> https://lwn.net/Articles/705264/

Use CVE-2016-9178.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYHDIZAAoJEHb/MwWLVhi2IVYP/R24MqfqIc1TDy62xNPR8gcu
AagimLd3Vuuqyjf63QNercHvGfDoYnwg/94OsLR/mX+jzd2M4tfXxb4Jr5Rfiul6
9rkwX+/Fd8E5gRu6N494xtbgPOsUApgMAspLOc7iUJ8pUcxe7A1k47F+xJovTeKx
ode5Atqdzgp1yN0QEPcxLG+6fyhDpBG4wwxKaYxDT5CLjkG7PWlNbGmsKhJjCpcA
Dlj/mLNI9nQL0qXIG3tLJfZ+sNOn0Ptq3VPz4osrEVZpGkr0+xQWHpmNYZg0pc80
gmJVIkPH1DnnMeGh88amjMSk3sCGvSiUZKOU8fLPHwYZOBC7Ka44GEBq4yX1CjhD
L5wrMxJAZQVavRbTK4FEsj2agNkBoTSYwiZvMrQioW8CPwJN3WAaVLZiGx6f62Kc
OmFXfltVjFHmMfxyEi4hcyVVNAD0XeIz+gxV9vAFebtbwnjvdRd0uQ7pnwpiYP9N
E+PoZWZMyzhVciI0+UFhxABhA8rPX3ceWH0LiNKzCj2CwZJTwJVbLdLbLih5/7rZ
WNZf/oaV67rAVF5fVwIFhO7+ihyiOIlgduphxgshAgZSBl3UTTuDqQKpaCld6Zhv
G2RUyZy7LPCQysCYhzmFfXoc2mnI1xSgRTtUwhjAHdrIMnFt9FshiADMXcSxdd4G
OxELxPZCTGX4qVO3xmty
=RnaX
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ