| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Y+Hp+0LzvScaUJV0@gondor.apana.org.au>
Date: Tue, 7 Feb 2023 14:04:43 +0800
From: Herbert Xu <herbert@...dor.apana.org.au>
To: Hyunwoo Kim <v4bel@...ori.io>
Cc: steffen.klassert@...unet.com, davem@...emloft.net,
edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com,
imv4bel@...il.com, netdev@...r.kernel.org
Subject: Re: [PATCH] af_key: Fix heap information leak
On Sat, Feb 04, 2023 at 09:50:18AM -0800, Hyunwoo Kim wrote:
> Since x->calg etc. are allocated with kmalloc, information
> in kernel heap can be leaked using netlink socket on
> systems without CONFIG_INIT_ON_ALLOC_DEFAULT_ON.
>
> Signed-off-by: Hyunwoo Kim <v4bel@...ori.io>
> ---
> net/key/af_key.c | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
Please explain exactly what is leaked and how.
Thanks,
--
Email: Herbert Xu <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Powered by blists - more mailing lists