Date: Tue, 10 Dec 2013 10:30:37 +0100
From: Marcus Meissner <meissner@...e.de>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: Linux kernel: net: memory leak in
	recvmsg handler msg_name & msg_namelen logic

On Tue, Dec 10, 2013 at 01:00:43PM +0530, P J P wrote:
>    Hello,
>
> Linux kernel built with the networking support (CONFIG_NET) is vulnerable to
> an information leakage flaw in the socket layer. It could occur while doing 
> recvmsg(2), recvfrom(2) socket calls. It occurs due to improperly 
> initialised msg_name & msg_namelen message header parameters.
>
> A user/program could use this flaw to leak kernel memory bytes.
>
> Upstream fix:
> -------------
>  -> https://git.kernel.org/linus/f3d3342602f8bcbf37d7c46641cb9bca7618eb1c
>
> Reference:
> ----------
>  -> https://bugzilla.redhat.com/show_bug.cgi?id=1039845

CVE-2013-6405 covers parts of that already I think and could be extended?

Ciao, Marcus
