oss-sec mailing list archives

Re: CVE request: kernel: memory disclosure in SO_BSDCOMPAT gsopt

From: Florian Weimer <fw () deneb enyo de>
Date: Wed, 04 Mar 2009 23:07:07 +0100

* Eugene Teo:

Eugene Teo wrote:

On Tue, Mar 3, 2009 at 6:49 AM, Steven M. Christey
<coley () linus mitre org> wrote:

On Wed, 25 Feb 2009, Eugene Teo wrote:

Eugene Teo wrote:

[...]
The fix for CVE-2009-0676 (upstream commit df0bca04) is incomplete. Note
that the same problem of leaking kernel memory will reappear if someone
on some architecture uses struct timeval with some internal padding (for
example tv_sec 64-bit and tv_usec 32-bit) --- then, you are going to
leak the padded bytes to userspace.

Is this going to require a separate CVE identifier?  If a new minor
version of the kernel wasn't released yet, then I'd consider the fix to be
little more than a couple patch-discussion messages in a single Bugzilla
entry.


No, it shouldn't. Please use the same CVE name. Thanks.


But you might want to add the link to the new CVE-2009-0676 patch in:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0676


BTW, the reproducer I saw in your bug tracker doesn't initialize the
len field.  It only worked for me after I fixed that.

Current thread:

CVE request: kernel: memory disclosure in SO_BSDCOMPAT gsopt Eugene Teo (Feb 19)
- Re: CVE request: kernel: memory disclosure in SO_BSDCOMPAT gsopt Steven M. Christey (Feb 22)
  - Re: CVE request: kernel: memory disclosure in SO_BSDCOMPAT gsopt Eugene Teo (Feb 23)
    - Re: CVE request: kernel: memory disclosure in SO_BSDCOMPAT gsopt Eugene Teo (Feb 24)
    - Re: CVE request: kernel: memory disclosure in SO_BSDCOMPAT gsopt Steven M. Christey (Mar 02)
    - Re: CVE request: kernel: memory disclosure in SO_BSDCOMPAT gsopt Eugene Teo (Mar 02)
    - Re: CVE request: kernel: memory disclosure in SO_BSDCOMPAT gsopt Eugene Teo (Mar 03)
    - Re: CVE request: kernel: memory disclosure in SO_BSDCOMPAT gsopt Florian Weimer (Mar 04)