oss-sec mailing list archives

CVE request Linux kernel: isofs: unchecked printing of ER records


From: P J P <ppandit () redhat com>
Date: Wed, 7 Jan 2015 00:42:51 +0530 (IST)

Hello,

A Linux kernel built with iso9660 file system (CONFIG_ISO9660_FS) support is vulnerable to an information leakage flaw. This could occur while accessing data on an iso9660 image with RockRidge extension reference (ER) records.

An unprivileged user/process could use this flaw to leak (=~255) kernel memory bytes.

Upstream fix:
-------------
  -> https://git.kernel.org/linus/4e2024624e678f0ebb916e6192bd23c1f9fdf696

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F


