Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sun, 30 Jul 2017 12:47:35 +0800 (CST)
From: sohu0106 <sohu0106@....com>
To: oss-security@...ts.openwall.com
Subject: Linux kernel: net/irda/af_irda.c: irda_getsockopt() stack infoleak

net/irda/af_irda.c

Sometimes irda_getsockopt() doesn't initialize all members of list field of irda_device_list struct.  This structure is then copied to
userland.  It leads to leaking of contents of kernel stack memory.  We have to initialize them to zero , or it will allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure

https://github.com/torvalds/linux/pull/440

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ