Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 7 Nov 2016 13:48:54 +0100
From: Moritz Muehlenhoff <jmm@...ian.org>
To: oss-security@...ts.openwall.com
Cc: citypw@...il.com, cve-assign@...re.org
Subject: Re: Re: kernel: fix minor infoleak in get_user_ex()

Hi,

> > get_user_ex(x, ptr) should zero x on failure. It's not a lot of a leak
> > (at most we are leaking uninitialized 64bit value off the kernel
> > stack, and in a fairly constrained situation
> > 
> > https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1c109fabbd51863475cd12ac206bdd249aee35af
> > https://lwn.net/Articles/705264/
> 
> Use CVE-2016-9178.

Can you please clarify on the scope of CVE-2016-9178?

I assume this is for the leak fixed with 1c109fabbd51863475cd12ac206bdd249aee35af,
but the LWN comment by Brad Spengler referenced above refers to a new issue
which affected some Linux stable lines, which backported 
1c109fabbd51863475cd12ac206bdd249aee35af without also backporting
548acf19234dbda5a52d5a8e7e205af46e9da840.

So please assign a second CVE ID for the latter.

Cheers,
        Moritz

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.