lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Fri, 21 Jun 2024 10:47:00 +0200
From: Marc Kleine-Budde <mkl@...gutronix.de>
To: Shigeru Yoshida <syoshida@...hat.com>
Cc: robin@...tonic.nl, o.rempel@...gutronix.de, kernel@...gutronix.de, 
	socketcan@...tkopp.net, davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org, 
	pabeni@...hat.com, linux-can@...r.kernel.org, netdev@...r.kernel.org, 
	linux-kernel@...r.kernel.org, syzbot+5681e40d297b30f5b513@...kaller.appspotmail.com
Subject: Re: [PATCH v2] can: j1939: Initialize unused data in j1939_send_one()

On 17.05.2024 12:59:53, Shigeru Yoshida wrote:
> syzbot reported kernel-infoleak in raw_recvmsg() [1]. j1939_send_one()
> creates full frame including unused data, but it doesn't initialize it.
> This causes the kernel-infoleak issue. Fix this by initializing unused
> data.

Applied to linux-can.

Thanks,
Marc

-- 
Pengutronix e.K.                 | Marc Kleine-Budde          |
Embedded Linux                   | https://www.pengutronix.de |
Vertretung Nürnberg              | Phone: +49-5121-206917-129 |
Amtsgericht Hildesheim, HRA 2686 | Fax:   +49-5121-206917-9   |

Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ