Date: Mon, 7 Nov 2016 13:48:54 +0100
From: Moritz Muehlenhoff <jmm@...ian.org>
To: oss-security@...ts.openwall.com
Cc: citypw@...il.com, cve-assign@...re.org
Subject: Re: Re: kernel: fix minor infoleak in get_user_ex()

Hi,

> > get_user_ex(x, ptr) should zero x on failure. It's not a lot of a leak
> > (at most we are leaking uninitialized 64bit value off the kernel
> > stack, and in a fairly constrained situation
> > 
> > https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1c109fabbd51863475cd12ac206bdd249aee35af
> > https://lwn.net/Articles/705264/
> 
> Use CVE-2016-9178.

Can you please clarify on the scope of CVE-2016-9178?

I assume this is for the leak fixed with 1c109fabbd51863475cd12ac206bdd249aee35af,
but the LWN comment by Brad Spengler referenced above refers to a new issue
which affected some Linux stable lines, which backported 
1c109fabbd51863475cd12ac206bdd249aee35af without also backporting
548acf19234dbda5a52d5a8e7e205af46e9da840.

So please assign a second CVE ID for the latter.

Cheers,
        Moritz
