Date: Tue, 10 Dec 2013 10:30:37 +0100 From: Marcus Meissner <meissner@...e.de> To: oss-security@...ts.openwall.com Subject: Re: CVE request: Linux kernel: net: memory leak in recvmsg handler msg_name & msg_namelen logic On Tue, Dec 10, 2013 at 01:00:43PM +0530, P J P wrote: > Hello, > > Linux kernel built with the networking support(CONFIG_NET) is vulnerable to > an information leakage flaw in the socket layer. It could occur while doing > recvmsg(2), recvfrom(2) socket calls. It occurs due to improperly > initialised msg_name & msg_namelen message header parameters. > > A user/program could use this flaw to leak kernel memory bytes. > > Upstream fix: > ------------- > -> https://git.kernel.org/linus/f3d3342602f8bcbf37d7c46641cb9bca7618eb1c > > Reference: > ---------- > -> https://bugzilla.redhat.com/show_bug.cgi?id=1039845 CVE-2013-6405 covers parts of that already I think and could be extended? Ciao, Marcus
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.