Date: Mon, 7 Nov 2016 13:48:54 +0100 From: Moritz Muehlenhoff <jmm@...ian.org> To: oss-security@...ts.openwall.com Cc: citypw@...il.com, cve-assign@...re.org Subject: Re: Re: kernel: fix minor infoleak in get_user_ex() Hi, > > get_user_ex(x, ptr) should zero x on failure. It's not a lot of a leak > > (at most we are leaking uninitialized 64bit value off the kernel > > stack, and in a fairly constrained situation > > > > https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1c109fabbd51863475cd12ac206bdd249aee35af > > https://lwn.net/Articles/705264/ > > Use CVE-2016-9178. Can you please clarify on the scope of CVE-2016-9178? I assume this is for the leak fixed with 1c109fabbd51863475cd12ac206bdd249aee35af, but the LWN comment by Brad Spengler referenced above refers to a new issue which affected some Linux stable lines, which backported 1c109fabbd51863475cd12ac206bdd249aee35af without also backporting 548acf19234dbda5a52d5a8e7e205af46e9da840. So please assign a second CVE ID for the latter. Cheers, Moritz
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.