oss-sec mailing list archives
CVE Request: kernel information leak vulnerability in rtnetlink
From: Kangjie Lu <kangjielu () gmail com>
Date: Wed, 4 May 2016 16:47:53 -0400
Hello, The rtnetlink module of Linux kernel has ab information leak vulnerability In the file "net/core/rtnetlink.c", The stack object “map” has a total size of 32 bytes. Its last 4 bytes are padding generated by compiler. These padding bytes are not initialized and sent out via “nla_put”. Fix info: *http://marc.info/?l=linux-netdev&m=146230822606494&w=2 <http://marc.info/?l=linux-netdev&m=146230822606494&w=2>* *http://marc.info/?l=linux-netdev&m=146239324530095&w=2 <http://marc.info/?l=linux-netdev&m=146239324530095&w=2>* Please help assign a CVE to this vulnerability. Thanks a lot! Kangjie Lu
Current thread:
- CVE Request: kernel information leak vulnerability in rtnetlink Kangjie Lu (May 04)
- Re: CVE Request: kernel information leak vulnerability in rtnetlink cve-assign (May 04)