Date: Sat, 5 Sep 2009 21:52:50 +0400 From: Solar Designer <solar@...nwall.com> To: oss-security@...ts.openwall.com Cc: Willy Tarreau <w@....eu> Subject: Re: CVE request: kernel: tc: uninitialised kernel memory leak On Thu, Sep 03, 2009 at 11:45:03AM +0800, Eugene Teo wrote: > Three bytes of uninitialised kernel memory are currently leaked to user. > > http://patchwork.ozlabs.org/patch/32830/ > https://bugzilla.redhat.com/show_bug.cgi?id=520990 2.4 kernels appear to be affected as well, and moreover they appear to require at least some of these older fixes as well: http://marc.info/?l=git-commits-head&m=112002138324380 Specifically, in net/sched/sch_api.c both tc_fill_qdisc() and tc_fill_tclass() are affected - the former was fixed in 2.6 in 2005, the latter is being fixed now. I'm not sure what this means for CVE. Should there be another CVE id for the issues fixed in 2.6 in 2005 (if one was not allocated at the time), and 2.4 could reference both CVE ids now? I did not check if any of the affected code is possibly normally only available to root, but even if so the issue may be relevant on systems with containers. Alexander
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.