oss-sec mailing list archives
CVE Request: Linux kernel: fanotify: info leak in copy_event_to_user
From: P J P <ppandit () redhat com>
Date: Wed, 5 Jun 2013 13:23:02 +0530 (IST)
Hi,Linux kernel built with the Filesystem wide access notification (CONFIG_FANOTIFY) support is vulnerable to an information leakage flaw. The leaked bytes could be accessed via read(2) call on the fanotify descriptor.
A user/program could use this flaw to leak kernel memory bytes. Upstream fix: ------------- -> https://lkml.org/lkml/2013/6/3/128 Thank you. -- Prasad J Pandit / Red Hat Security Response Team DB7A 84C5 D3F9 7CD1 B5EB C939 D048 7860 3655 602B
Current thread:
- CVE Request: Linux kernel: fanotify: info leak in copy_event_to_user P J P (Jun 05)
- Re: CVE Request: Linux kernel: fanotify: info leak in copy_event_to_user Kurt Seifried (Jun 05)