oss-sec mailing list archives

CVE Request: kernel information leak vulnerability in rtnetlink

From: Kangjie Lu <kangjielu () gmail com>
Date: Wed, 4 May 2016 16:47:53 -0400

Hello,

The rtnetlink module of Linux kernel has ab information leak vulnerability
In the file "net/core/rtnetlink.c", The stack object “map” has a total size
of
32 bytes. Its last 4 bytes are padding generated by compiler. These padding
bytes are not initialized and sent out via “nla_put”.


Fix info:
*http://marc.info/?l=linux-netdev&m=146230822606494&w=2
<http://marc.info/?l=linux-netdev&m=146230822606494&w=2>*
*http://marc.info/?l=linux-netdev&m=146239324530095&w=2
<http://marc.info/?l=linux-netdev&m=146239324530095&w=2>*

Please help assign a CVE to this vulnerability.



Thanks a lot!
Kangjie Lu

Current thread:

CVE Request: kernel information leak vulnerability in rtnetlink Kangjie Lu (May 04)
- Re: CVE Request: kernel information leak vulnerability in rtnetlink cve-assign (May 04)