Date: Wed, 15 Jun 2016 16:29:50 +1000 From: Wade Mealing <wmealing@...hat.com> To: oss-security@...ts.openwall.com Subject: CVE-2016-4470: Linux kernel Uninitialized variable in request_key handling user controlled kfree(). Gday, A flaw was found in the Linux kernels keyring handling code, where in key_reject_and_link() there's an uninitialised variable that isn't set by __key_link_begin() on the destination keyring if that function fails. If a destination keyring was supplied, then __key_link_end() is called whether or not __key_link_begin() succeeded, with the result that the edit pointers contains members which end up being freed. These are the user controlled addresses that can exist from previous memory contents. Thanks, Wade Mealing Product Security Team Resources: https://bugzilla.redhat.com/show_bug.cgi?id=1341716 Patch: https://www.spinics.net/lists/linux-kernel-janitors/msg26069.html
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.