Date: Wed, 25 Sep 2019 18:53:14 +0800 From: butt3rflyh4ck <butterflyhuangxx@...il.com> To: oss-security@...ts.openwall.com Subject: CVE-2019-16714: Linux kernel net/rds: info leak vulnerability in rds6_inc_info_copy Hi, there is a info leak vulnerability in rds modules in linux kernel. CVE-2019-16714 ================ description: In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized. ================= some more details in https://nvd.nist.gov/vuln/detail/CVE-2019-16714 Fixed in https://github.com/torvalds/linux/commit/7d0a06586b2686ba80c4a2da5f91cb10ffbea736 ================ Credit : This issue was discovered by the ADLab of venustech.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.