Date: Thu, 28 Nov 2013 19:02:00 +0100
From: Hannes Frederic Sowa <>
Subject: Re: CVE Request: Linux kernel: net: uninitialised memory leakage


On Thu, Nov 28, 2013 at 11:10:46PM +0530, P J P wrote:
> Linux kernel built with the networking support(CONFIG_NET), is vulnerable 
> to a memory leakage flaw. It occurs while doing the recvmsg(2), 
> recvfrom(2), recvmmsg(2) socket calls.
> A user/program could use this flaw to leak kernel memory bytes.
> Upstream fix:
> -------------
>  -> 

This patch does break stuff, a follow-up is needed which did not get
to Linus yet, but is already queued up for stable. Otherwise traceroute
is broken:

I found other leaks in non-inet protocols:

The protocols where I did remove msg_namelen = 0 were actually
safe. Some of the protocols I did not touch could leak up to 128 bytes
of uninitialized data from the stack.

Hardening against out-of-bounds writes:

Also there is a small 2-byte memory leak in extended error reporting:
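An added example, not code from this thread or from the kernel patches it references: a userspace probe in C for the class of leak discussed above. The kernel copies msg_namelen bytes of a 128-byte stack buffer (struct sockaddr_storage) back into the caller's msg_name after the protocol's recvmsg handler runs; if that handler neither fills the buffer nor sets msg_namelen, whatever was on the stack is copied out. The probe fills a 128-byte msg_name with a canary, asks for all 128 bytes, and reports both the msg_namelen the kernel returned and how many canary bytes it overwrote, so the caller can compare them against the address length the socket should legitimately produce. The function names, the canary value and the AF_UNIX datagram socketpair used as constructed input (chosen only because it needs no network and an unnamed peer has a known expected address length of 0, not because the page says AF_UNIX was one of the affected protocols) are this example's own assumptions.

```c
/* Added example (hypothetical helper names); not the kernel's code and not
 * code from the oss-security thread.  Probes recvmsg() for msg_name bytes
 * that the kernel wrote without the protocol having supplied an address. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>

#define CANARY 0xA5          /* assumed marker byte; any value works */
#define NAME_BUF_LEN 128     /* sizeof(struct sockaddr_storage) on Linux */

/* Pure helper: count bytes in buf[from..len) that no longer hold the canary.
 * A genuine address byte that happens to equal the canary is undercounted,
 * which is acceptable for a probe. */
size_t count_touched_bytes(const unsigned char *buf, size_t from, size_t len,
                           unsigned char canary)
{
    size_t n = 0;
    for (size_t i = from; i < len; i++)
        if (buf[i] != canary)
            n++;
    return n;
}

/* Receive one message on fd with a canary-filled, full-size msg_name.
 * Returns how many of the 128 canary bytes the kernel overwrote, or -1 on
 * error.  *namelen_out receives the msg_namelen the kernel reported. */
long probe_recvmsg_name(int fd, socklen_t *namelen_out)
{
    unsigned char name[NAME_BUF_LEN];
    char payload[16];
    struct iovec iov = { .iov_base = payload, .iov_len = sizeof payload };
    struct msghdr msg;

    memset(name, CANARY, sizeof name);
    memset(&msg, 0, sizeof msg);
    msg.msg_name = name;
    msg.msg_namelen = sizeof name;   /* ask for the whole sockaddr_storage */
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;

    if (recvmsg(fd, &msg, 0) < 0)
        return -1;
    if (msg.msg_namelen > sizeof name)
        return -1;                   /* must never exceed what we offered */
    if (namelen_out)
        *namelen_out = msg.msg_namelen;
    return (long)count_touched_bytes(name, 0, sizeof name, CANARY);
}

/* Constructed input: an AF_UNIX datagram socketpair.  The sending end is
 * unnamed, so the only legitimate result is msg_namelen == 0 with no canary
 * byte touched.  Returns 1 if a leak is suspected, 0 if clean, -1 on error. */
int unix_probe_suspect(long *touched, socklen_t *namelen)
{
    int sv[2];
    int rc = -1;

    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0)
        return -1;
    if (send(sv[0], "ping", 4, 0) == 4) {
        *touched = probe_recvmsg_name(sv[1], namelen);
        if (*touched >= 0)
            rc = (*namelen > 0 || *touched > 0) ? 1 : 0;
    }
    close(sv[0]);
    close(sv[1]);
    return rc;
}

int main(void)
{
    long touched = 0;
    socklen_t namelen = 0;
    int rc = unix_probe_suspect(&touched, &namelen);

    if (rc < 0) {
        perror("probe");
        return 2;
    }
    printf("msg_namelen=%u, canary bytes overwritten=%ld -> %s\n",
           (unsigned)namelen, touched, rc ? "LEAK SUSPECTED" : "clean");
    return rc;
}
```

The same probe can be pointed at any socket whose expected address length is known (a bound UDP socket, for instance) by comparing the returned msg_namelen and the touched-byte count against that length instead of 0; a kernel that reports 128 when the peer address is shorter, or that overwrites canary bytes beyond the reported length, is exhibiting the behaviour the thread describes.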


