Date: Tue, 10 Dec 2013 13:00:43 +0530 (IST) From: P J P <ppandit@...hat.com> To: oss security list <oss-security@...ts.openwall.com> Subject: CVE request: Linux kernel: net: memory leak in recvmsg handler msg_name & msg_namelen logic Hello, Linux kernel built with the networking support(CONFIG_NET) is vulnerable to an information leakage flaw in the socket layer. It could occur while doing recvmsg(2), recvfrom(2) socket calls. It occurs due to improperly initialised msg_name & msg_namelen message header parameters. A user/program could use this flaw to leak kernel memory bytes. Upstream fix: ------------- -> https://git.kernel.org/linus/f3d3342602f8bcbf37d7c46641cb9bca7618eb1c Reference: ---------- -> https://bugzilla.redhat.com/show_bug.cgi?id=1039845 Thank you. -- Prasad J Pandit / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.