Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 28 Jul 2015 10:40:37 +0200
From: Benjamin Randazzo <benjamin@...dazzo.fr>
To: oss-security@...ts.openwall.com
Subject: CVE request: Linux kernel - information leak in md driver

Hello,

In the md driver of the Linux kernel it’s possible to request a bitmap file for a device, but when bitmap is disabled only the first byte of the buffer is initialized to zero, and then it is copied in user space. This results in an information leak.

The patch for this issue was applied and committed in linux-next :
http://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/?id=77ba0569d4c8389c0a2162ab0c7c16a6f3b199e4 <http://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/?id=77ba0569d4c8389c0a2162ab0c7c16a6f3b199e4>
(+ merged: http://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/?id=348470064e7c42cb08f1c9d6e9f0a7d2865b3b79 <http://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/?id=348470064e7c42cb08f1c9d6e9f0a7d2865b3b79>)

Could you please generate a CVE id for this?

Thanks.

Benjamin Randazzo

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.