oss-sec mailing list archives
Re: CVE Request: Linux kernel: fanotify: info leak in copy_event_to_user
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 05 Jun 2013 13:29:57 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 06/05/2013 01:53 AM, P J P wrote:
Hi, Linux kernel built with the Filesystem wide access notification (CONFIG_FANOTIFY) support is vulnerable to an information leakage flaw. The leaked bytes could be accessed via read(2) call on the fanotify descriptor. A user/program could use this flaw to leak kernel memory bytes. Upstream fix: ------------- -> https://lkml.org/lkml/2013/6/3/128 Thank you. -- Prasad J Pandit / Red Hat Security Response Team DB7A 84C5 D3F9 7CD1 B5EB C939 D048 7860 3655 602B
Please use CVE-2013-2148 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAEBAgAGBQJRr5G0AAoJEBYNRVNeJnmTO7cP+QHw+Hw+XUrCtsj2Jrawr+4m UV/QXA4fNwSoVQpnlHF+PLCZkr4TmS+6MK0hdVe9DovoI8edMJY4rTGb5Snil83+ ldOg0mFKSOyYcdlRT24Zt73wMcLMtmX6lbAQVl5dM8E5T5LA8+WY/mhhZ8IBvIhR h+KLiQVLTuJcWIixnbUdf6IxXqLB+Gh4FlUwVh5amFPRQflOha2qSZxj7qbn0lRN MzfPT0TZfe4/i/CUHAYWk+uB44KSGh7t20aDuFpVBqM645NAvwBtOIIrVYFyIeLH eJAGlX/8GBwf8UUtTHjaaFo66osrIRCIw7LQl+5hkDQ84jyhA3VMA6MZplbX/usF HFPnreSp481L4kORWDarkwpTjgjKRwjBjOqWecEyDizXKoXdT6HqasNu9GuRU4Te PYSqGxwApcqH8MtYneENVx+Nh/rRTFtBc6S9DOvL675NxZpXFohpo3Zy1QaTWCRV cOzOvj6j1ZU8paUa0x7W5Viqhm8p8Yns3kpr7of4wGCi77liaIyV70NPzdCVb1pS jckSHZonzKVGtabO00hEdGrOr9WzzVwThZJcTXoqzbjIkZplH0HR2RiIscKHlw9j DzU4arcwq8cFLDqGOOPePeL2ZeWhEEniR2yUUlekB64jrev4vUQhNCQ+hvRpqpPA k4Wi35esxrkkLHFGynst =BLUh -----END PGP SIGNATURE-----
Current thread:
- CVE Request: Linux kernel: fanotify: info leak in copy_event_to_user P J P (Jun 05)
- Re: CVE Request: Linux kernel: fanotify: info leak in copy_event_to_user Kurt Seifried (Jun 05)