oss-sec mailing list archives
Re: CVE request: multiple kernel stack memory disclosures
From: "Steven M. Christey" <coley () linus mitre org>
Date: Mon, 25 Oct 2010 17:52:36 -0400 (EDT)
All, I apologize for taking so long to handle this. Dan, thanks for being so diligent about digging up more information! That couldn't have been easy, let alone fun. - Steve ======================================================================== http://www.openwall.com/lists/oss-security/2010/10/07/1 Author: Dan Rosenberg
ipc/shm.c (shmctl), reported and fixed by Kees Cook Affects >= 2.6.0, >= 2.4.0 Reference: http://lkml.org/lkml/2010/10/6/454
CVE-2010-4072
ipc/compat.c (compat versions of semctl, shmctl, and msgctl) Affects >= 2.6.8 ipc/compat_mq (compat versions of mq_open and mq_getsetattr) Affects >= 2.6.8 Reference: http://lkml.org/lkml/2010/10/6/492
CVE-2010-4073 ======================================================================== http://www.openwall.com/lists/oss-security/2010/10/06/6 Author: Dan Rosenberg Due to the high variation in affected kernel versions, most of these are SPLIT.
TIOCGICOUNT stack leaks:
(see http://lkml.org/lkml/2010/9/16/294)
usb/serial/mos*.c Fixed in 2.6.36-rc5 Affects >= 2.6.19
CVE-2010-4074
drivers/serial/serial_core.c Not fixed yet (Alan Cox's fix will be in 2.6.37) Affects >= 2.6.0
CVE-2010-4075
drivers/char/amiserial.c Not fixed yet (Alan Cox's fix will be in 2.6.37) Affects >= 2.6.0, >= 2.4.0
CVE-2010-4076
drivers/char/nozomi.c Not fixed yet (Alan Cox's fix will be in 2.6.37) Affects >= 2.6.25
CVE-2010-4077
drivers/net/usb/hso.c (CVE-2010-3298) Fixed in 2.6.36-rc5 Affects >= 2.6.29
Already assigned - CVE-2010-3298
FBIOGET_VBLANK stack leaks:
drivers/video/sis/sis_main.c Fixed in 2.6.36-rc6 Affects >= 2.6.11
CVE-2010-4078
drivers/video/ivtv/ivtvfb.c Not fixed yet (patch has been queued) Affects >= 2.6.24
CVE-2010-4079
Miscellaneous device ioctl stack leaks:
sound/pci/rme9652/hdsp*.c Fixed in 2.6.36-rc6 Affects >= 2.6.0 (hdsp.c), >= 2.6.13 (hdspm.c)
These are SPLIT because the affected files are in different versions. hdsp.c - CVE-2010-4080 hdspm.c - CVE-2010-4081
drivers/video/via/ioctl.c Fixed in 2.6.36-rc5 Affects >= 2.6.28
CVE-2010-4082
drivers/net/cxgb3/cxgb3_main.c (CVE-2010-3296) Fixed in 2.6.36-rc5 Affects >= 2.6.21
Already assigned - CVE-2010-3296
drivers/net/eql.c (CVE-2010-3297) Fixed in 2.6.36-rc5 Affects >= 2.6.0, >= 2.4.0
Already assigned - CVE-2010-3297
System call stack leak:
ipc/sem.c Not fixed yet (patch queued) Affects >= 2.6.0, >= 2.4.0
Presumably the lack of a current patch means this will affect a different version than CVE-2010-4072 (ipc/shm.c shmctl), see above. CVE-2010-4083 - Steve
Current thread:
- Re: CVE request: multiple kernel stack memory disclosures Dan Rosenberg (Oct 01)
- Re: CVE request: multiple kernel stack memory disclosures Steven M. Christey (Oct 06)
- Re: CVE request: multiple kernel stack memory disclosures Dan Rosenberg (Oct 06)
- Re: CVE request: multiple kernel stack memory disclosures Dan Rosenberg (Oct 06)
- Re: CVE request: multiple kernel stack memory disclosures Steven M. Christey (Oct 25)
- Re: CVE request: multiple kernel stack memory disclosures Dan Rosenberg (Oct 06)
- Re: CVE request: multiple kernel stack memory disclosures Steven M. Christey (Oct 06)