oss-sec mailing list archives
Re: CVE Request: Linux kernel: net: uninitialised memory leakage
From: Hannes Frederic Sowa <hannes () stressinduktion org>
Date: Thu, 28 Nov 2013 19:02:00 +0100
Hello! On Thu, Nov 28, 2013 at 11:10:46PM +0530, P J P wrote:
Linux kernel built with the networking support(CONFIG_NET), is vulnerable to a memory leakage flaw. It occurs while doing the recvmsg(2), recvfrom(2), recvmmsg(2) socket calls. A user/program could use this flaw to leak kernel memory bytes. Upstream fix: ------------- -> https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=bceaa90240b6019ed73b49965eac7d167610be69
This patch does break stuff, a follow-up is needed which did not get to Linus yet, but is already queued up for stable. Otherwise traceroute is broken: https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=85fbaa75037d0b6b786ff18658ddf0b4014ce2a4 I found other leaks in non-inet protocols: https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=f3d3342602f8bcbf37d7c46641cb9bca7618eb1c The protocols where I did remove msg_namelen = 0 where actually safe. Some of the protocols I did not touch could leak up to 128 bytes of uninitialized data from the stack. Hardening against out-of-bounds writes: https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=68c6beb373955da0886d8f4f5995b3922ceda4be Also there is a small 2-bytes memory leak in extended error reporting: https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=68c6beb373955da0886d8f4f5995b3922ceda4be Greetings, Hannes
Current thread:
- CVE Request: Linux kernel: net: uninitialised memory leakage P J P (Nov 28)
- Re: CVE Request: Linux kernel: net: uninitialised memory leakage Kurt Seifried (Nov 28)
- Re: CVE Request: Linux kernel: net: uninitialised memory leakage Hannes Frederic Sowa (Nov 28)