Date: Mon, 31 Jul 2017 17:24:10 +0200 From: Solar Designer <solar@...nwall.com> To: oss-security@...ts.openwall.com Cc: sohu0106 <sohu0106@....com> Subject: Re: Linux kernel: net/irda/af_irda.c: irda_getsockopt() stack infoleak On Mon, Jul 31, 2017 at 04:03:57PM +0100, John Haxby wrote: > On 30/07/17 05:47, sohu0106 wrote: > > net/irda/af_irda.c > > > > Sometimes irda_getsockopt() doesn't initialize all members of list field of irda_device_list struct. This structure is then copied to > > userland. It leads to leaking of contents of kernel stack memory. We have to initialize them to zero , or it will allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure > > > > https://github.com/torvalds/linux/pull/440 > > Have you requested a CVE for this? Both messages sohu0106 posted initially had the Subject of "CVE request: kernel stack infoleaks", which I changed to the two more specific Subjects before approving the messages. (I do that to especially non-descriptive Subjects from time to time, as long as the messages were not CC'ed to elsewhere. I leave message bodies entirely intact.) Thus, sohu0106 wanted to request the CVEs from this list, and apparently didn't request them elsewhere. sohu0106, this list is no longer a place to request CVEs from, but we appreciate the vulnerability notifications. You may request the CVEs from https://cveform.mitre.org and then post them in here, "replying" to your own messages on the list. sohu0106, have you also reported these issues upstream? For the net/irda/af_irda.c issue, from the MAINTAINERS file: IRDA SUBSYSTEM M: Samuel Ortiz <samuel@...tiz.org> L: irda-users@...ts.sourceforge.net (subscribers-only) L: netdev@...r.kernel.org W: http://irda.sourceforge.net/ S: Maintained T: git git://git.kernel.org/pub/scm/linux/kernel/git/sameo/irda-2.6.git F: Documentation/networking/irda.txt F: drivers/net/irda/ F: include/net/irda/ F: net/irda/ For the driver/video/fbdev/aty/atyfb_base.c issue I guess it's linux-fbdev@...r.kernel.org, although there's no perfect match for that filename. In both cases, CC the messages to LKML. Alexander
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ