| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20170730110322.2f8171ea@xeon-e3>
Date: Sun, 30 Jul 2017 11:03:22 -0700
From: Stephen Hemminger <stephen@...workplumber.org>
To: samuel@...tiz.org
Cc: netdev@...r.kernel.org
Subject: Fw: [Bug 196533] New: kernel stack infoleaks
Begin forwarded message:
Date: Sun, 30 Jul 2017 05:13:08 +0000
From: bugzilla-daemon@...zilla.kernel.org
To: stephen@...workplumber.org
Subject: [Bug 196533] New: kernel stack infoleaks
https://bugzilla.kernel.org/show_bug.cgi?id=196533
Bug ID: 196533
Summary: kernel stack infoleaks
Product: Networking
Version: 2.5
Kernel Version: 4.12.2
Hardware: All
OS: Linux
Tree: Mainline
Status: NEW
Severity: normal
Priority: P1
Component: Other
Assignee: stephen@...workplumber.org
Reporter: sohu0106@....com
Regression: No
bug in net/irda/af_irda.c
Sometimes irda_getsockopt() doesn't initialize all members of list field of
irda_device_list struct. This structure is then copied to
userland. It leads to leaking of contents of kernel stack memory. We have to
initialize them to zero , or it will allows local users to obtain potentially
sensitive information from kernel stack memory by reading a copy of this
structure
https://github.com/torvalds/linux/pull/440
--
You are receiving this mail because:
You are the assignee for the bug.
Powered by blists - more mailing lists