oss-sec mailing list archives
Re: CVE request Linux kernel: udf: information leakage when reading symlink
From: cve-assign () mitre org
Date: Wed, 3 Jun 2015 14:02:41 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Linux kernel built with the UDF file system(CONFIG_UDF_FS) support is vulnerable to an information leakage issue. It could occur while reading symlink information from corrupted/malicious udf file system image. An unprivileged user could use this flaw to leak kernel memory bytes. Upstream fix: ------------- -> https://git.kernel.org/linus/0e5cc9a40ada6046e6bc3bdfcd0c0d7e4b706b14
This seems to be about constructing a new string without checking whether there is space for the characters as well as the '\0' at the end. Use CVE-2014-9731. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJVb0ASAAoJEKllVAevmvmsYHIH/Rx6YNQQ8TODavpp1pNvdy9A OqiKyNZaP/u+B+MhkonVyNJraOBiH5FioZRnXQRktD0iD04p01WiDOJhfggJyuCy FrITqzjcN2AzOt7MXyk5LWFDoRDtfGoCStL07+LosISrB5Q2MbCGgTz8zQLJh33a F593qe1zGqqMKB3TLL5nIWKRNszT2+g9bbk9lUI03RSfUJE5KhFaCZ9t8/OA4RwB gCR4LcFDRtPz31dsJ1isE7oip7QfFf25B56GzyInJPHTSrSw9etlKnOTko7izOWu FGpcVF0G8q0U+1SMfUmHYrRtkw45PhMEzqxlv0nDQyEdZaIlj30umuOw49NRNRo= =jrz8 -----END PGP SIGNATURE-----
Current thread:
- CVE request Linux kernel: udf: information leakage when reading symlink P J P (Jun 03)
- Re: CVE request Linux kernel: udf: information leakage when reading symlink cve-assign (Jun 03)