Re: CVE Request: Linux kernel: fanotify: info leak in copy_event_to_user

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/05/2013 01:53 AM, P J P wrote:
> Hi,
>
> Linux kernel built with the Filesystem wide access notification 
> (CONFIG_FANOTIFY) support is vulnerable to an information leakage
> flaw. The leaked bytes could be accessed via read(2) call on the
> fanotify descriptor.
>
> A user/program could use this flaw to leak kernel memory bytes.
>
> Upstream fix: ------------- -> https://lkml.org/lkml/2013/6/3/128
>
> Thank you. -- Prasad J Pandit / Red Hat Security Response Team DB7A
> 84C5 D3F9 7CD1 B5EB  C939 D048 7860 3655 602B

Please use CVE-2013-2148 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRr5G0AAoJEBYNRVNeJnmTO7cP+QHw+Hw+XUrCtsj2Jrawr+4m
UV/QXA4fNwSoVQpnlHF+PLCZkr4TmS+6MK0hdVe9DovoI8edMJY4rTGb5Snil83+
ldOg0mFKSOyYcdlRT24Zt73wMcLMtmX6lbAQVl5dM8E5T5LA8+WY/mhhZ8IBvIhR
h+KLiQVLTuJcWIixnbUdf6IxXqLB+Gh4FlUwVh5amFPRQflOha2qSZxj7qbn0lRN
MzfPT0TZfe4/i/CUHAYWk+uB44KSGh7t20aDuFpVBqM645NAvwBtOIIrVYFyIeLH
eJAGlX/8GBwf8UUtTHjaaFo66osrIRCIw7LQl+5hkDQ84jyhA3VMA6MZplbX/usF
HFPnreSp481L4kORWDarkwpTjgjKRwjBjOqWecEyDizXKoXdT6HqasNu9GuRU4Te
PYSqGxwApcqH8MtYneENVx+Nh/rRTFtBc6S9DOvL675NxZpXFohpo3Zy1QaTWCRV
cOzOvj6j1ZU8paUa0x7W5Viqhm8p8Yns3kpr7of4wGCi77liaIyV70NPzdCVb1pS
jckSHZonzKVGtabO00hEdGrOr9WzzVwThZJcTXoqzbjIkZplH0HR2RiIscKHlw9j
DzU4arcwq8cFLDqGOOPePeL2ZeWhEEniR2yUUlekB64jrev4vUQhNCQ+hvRpqpPA
k4Wi35esxrkkLHFGynst
=BLUh
-----END PGP SIGNATURE-----