oss-sec mailing list archives
CVE Request: kernel information leak vulnerability in llc module
From: Kangjie Lu <kangjielu () gmail com>
Date: Wed, 4 May 2016 16:43:36 -0400
Hello, We found a kernel information leak vulnerability in the llc module. In the file "net/llc/af_llc.c", The stack object “info” has a total size of 12 bytes. Its last byte is padding which is not initialized and leaked via “put_cmsg”. Our patch to this vulnerability has been accepted and applied by linux kernel maintainer (please refer to the message bellow). Fix info: http://marc.info/?l=linux-netdev&m=146239325130106&w=2 http://marc.info/?l=linux-kernel&m=146239321930088&w=2 Please help assign a CVE to this vulnerability. Thanks a lot! Kangjie Lu ---------- Forwarded message ---------- From: David Miller <davem () davemloft net> Date: Wed, May 4, 2016 at 4:20 PM Subject: Re: [PATCH] fix infoleak in llc To: kangjielu () gmail com Cc: acme () ghostprotocols net, netdev () vger kernel org, linux-kernel () vger kernel org, taesoo () gatech edu, insu () gatech edu, kjlu () gatech edu From: Kangjie Lu <kangjielu () gmail com> Date: Tue, 3 May 2016 16:35:05 -0400
The stack object “info” has a total size of 12 bytes. Its last byte is padding which is not initialized and leaked via “put_cmsg”. Signed-off-by: Kangjie Lu <kjlu () gatech edu>
Applied.
Current thread:
- CVE Request: kernel information leak vulnerability in llc module Kangjie Lu (May 04)
- Re: CVE Request: kernel information leak vulnerability in llc module cve-assign (May 04)