Message-ID: <CAFcO6XOjcW7g=sS6DbjRY983i1nteHyA2nNBK_+Gbj6OmFVNXQ@mail.gmail.com>
Date: Tue, 24 Sep 2019 18:28:40 +0800
From: butt3rflyh4ck <butterflyhuangxx@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2019-16714: info leak in RDS rds6_inc_info_copy

Hi, there is an info leak vulnerability in the RDS modules in the Linux kernel.

CVE-2019-16714
================
description:

In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c
allows attackers to obtain sensitive information from kernel stack memory
because tos and flags fields are not initialized.


Fixed in
https://github.com/torvalds/linux/commit/7d0a06586b2686ba80c4a2da5f91cb10ffbea736

================

credit by:

the ADLab of venustech.
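
The bug class described in the post, modelled in user space as an added example (not part of the original post, and not the kernel's code or the code of the linked commit). The struct info6 layout, the POISON marker and the helper names are assumptions; only the field names tos and flags come from the advisory.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record handed to user space; only the names tos and flags come from the advisory. */
struct info6 { uint64_t seq; uint32_t len; uint8_t tos; uint8_t flags; };
#define POISON 0xA5 /* constructed marker standing in for stale stack data */

/* Unfixed pattern: tos and flags are never written before the copy-out. */
static void fill_unfixed(struct info6 *rec, uint64_t seq, uint32_t len)
{
    rec->seq = seq;
    rec->len = len;
}

/* Hardened pattern: zero the whole record (padding included), then set every field. */
static void fill_fixed(struct info6 *rec, uint64_t seq, uint32_t len, uint8_t tos)
{
    memset(rec, 0, sizeof(*rec));
    rec->seq = seq;
    rec->len = len;
    rec->tos = tos;
    rec->flags = 0;
}

/* Pre-poison the record as if it reused a dirty stack slot, fill it, copy it
 * out, and count the poison bytes that reach the output buffer. */
static size_t leaked_bytes(int fixed)
{
    struct info6 rec;
    unsigned char out[sizeof(rec)];
    size_t i, n = 0;

    memset(&rec, POISON, sizeof(rec));
    if (fixed)
        fill_fixed(&rec, 0x1122334455667788ULL, 0x100, 0);
    else
        fill_unfixed(&rec, 0x1122334455667788ULL, 0x100);
    memcpy(out, &rec, sizeof(rec)); /* stands in for the copy to user space */
    for (i = 0; i < sizeof(out); i++)
        n += (out[i] == POISON);
    return n;
}

int main(void)
{
    printf("unfixed: %zu stale bytes, fixed: %zu\n", leaked_bytes(0), leaked_bytes(1));
    return 0;
}
```

In the unfixed case the count includes any compiler-inserted padding as well as the two unwritten fields, which is why zeroing the whole record is the safer habit for anything copied across a trust boundary.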
