Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 28 Nov 2013 19:02:00 +0100
From: Hannes Frederic Sowa <hannes@...essinduktion.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request: Linux kernel: net: uninitialised memory leakage

Hello!

On Thu, Nov 28, 2013 at 11:10:46PM +0530, P J P wrote:
> Linux kernel built with the networking support(CONFIG_NET), is vulnerable 
> to a memory leakage flaw. It occurs while doing the recvmsg(2), 
> recvfrom(2), recvmmsg(2) socket calls.
> 
> A user/program could use this flaw to leak kernel memory bytes.
> 
> Upstream fix:
> -------------
>  -> 
>  https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=bceaa90240b6019ed73b49965eac7d167610be69

This patch does break stuff, a follow-up is needed which did not get
to Linus yet, but is already queued up for stable. Otherwise traceroute
is broken:

https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=85fbaa75037d0b6b786ff18658ddf0b4014ce2a4

I found other leaks in non-inet protocols:

https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=f3d3342602f8bcbf37d7c46641cb9bca7618eb1c

The protocols where I did remove msg_namelen = 0 where actually
safe. Some of the protocols I did not touch could leak up to 128 bytes
of uninitialized data from the stack.

Hardening against out-of-bounds writes:
https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=68c6beb373955da0886d8f4f5995b3922ceda4be

Also there is a small 2-bytes memory leak in extended error reporting:
https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=68c6beb373955da0886d8f4f5995b3922ceda4be

Greetings,

  Hannes

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.