Date: Mon, 7 Nov 2016 13:48:54 +0100
From: Moritz Muehlenhoff <>
Subject: Re: Re: kernel: fix minor infoleak in get_user_ex()


> > get_user_ex(x, ptr) should zero x on failure. It's not a lot of a leak
> > (at most we are leaking uninitialized 64bit value off the kernel
> > stack, and in a fairly constrained situation
> > 
> >
> >
> Use CVE-2016-9178.

Can you please clarify on the scope of CVE-2016-9178?

I assume this is for the leak fixed with 1c109fabbd51863475cd12ac206bdd249aee35af,
but the LWN comment by Brad Spengler referenced above refers to a new issue
which affected some Linux stable lines, which backported 
1c109fabbd51863475cd12ac206bdd249aee35af without also backporting

So please assign a second CVE ID for the latter.

