Date: Wed, 4 May 2016 16:43:36 -0400 From: Kangjie Lu <kangjielu@...il.com> To: oss-security@...ts.openwall.com, Chengyu Song <csong84@...ech.edu>, Taesoo Kim <taesoo@...ech.edu>, Insu Yun <insu@...ech.edu> Subject: CVE Request: kernel information leak vulnerability in llc module Hello, We found a kernel information leak vulnerability in the llc module. In the file "net/llc/af_llc.c", The stack object “info” has a total size of 12 bytes. Its last byte is padding which is not initialized and leaked via “put_cmsg”. Our patch to this vulnerability has been accepted and applied by linux kernel maintainer (please refer to the message bellow). Fix info: http://marc.info/?l=linux-netdev&m=146239325130106&w=2 http://marc.info/?l=linux-kernel&m=146239321930088&w=2 Please help assign a CVE to this vulnerability. Thanks a lot! Kangjie Lu ---------- Forwarded message ---------- From: David Miller <davem@...emloft.net> Date: Wed, May 4, 2016 at 4:20 PM Subject: Re: [PATCH] fix infoleak in llc To: kangjielu@...il.com Cc: acme@...stprotocols.net, netdev@...r.kernel.org, linux-kernel@...r.kernel.org, taesoo@...ech.edu, insu@...ech.edu, kjlu@...ech.edu From: Kangjie Lu <kangjielu@...il.com> Date: Tue, 3 May 2016 16:35:05 -0400 > The stack object “info” has a total size of 12 bytes. Its last byte > is padding which is not initialized and leaked via “put_cmsg”. > > Signed-off-by: Kangjie Lu <kjlu@...ech.edu> Applied.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.