Date: Mon, 7 Nov 2016 13:48:54 +0100 From: Moritz Muehlenhoff <jmm@...ian.org> To: oss-security@...ts.openwall.com Cc: citypw@...il.com, cve-assign@...re.org Subject: Re: Re: kernel: fix minor infoleak in get_user_ex() Hi, > > get_user_ex(x, ptr) should zero x on failure. It's not a lot of a leak > > (at most we are leaking uninitialized 64bit value off the kernel > > stack, and in a fairly constrained situation > > > > https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1c109fabbd51863475cd12ac206bdd249aee35af > > https://lwn.net/Articles/705264/ > > Use CVE-2016-9178. Can you please clarify on the scope of CVE-2016-9178? I assume this is for the leak fixed with 1c109fabbd51863475cd12ac206bdd249aee35af, but the LWN comment by Brad Spengler referenced above refers to a new issue which affected some Linux stable lines, which backported 1c109fabbd51863475cd12ac206bdd249aee35af without also backporting 548acf19234dbda5a52d5a8e7e205af46e9da840. So please assign a second CVE ID for the latter. Cheers, Moritz
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ