oss-sec mailing list archives
Re: CVE request: kernel: tc: uninitialised kernel memory leak
From: Willy Tarreau <w () 1wt eu>
Date: Mon, 7 Sep 2009 07:06:08 +0200
On Mon, Sep 07, 2009 at 11:32:29AM +0800, Eugene Teo wrote:
Solar Designer wrote:On Thu, Sep 03, 2009 at 11:45:03AM +0800, Eugene Teo wrote:Three bytes of uninitialised kernel memory are currently leaked to user. http://patchwork.ozlabs.org/patch/32830/ https://bugzilla.redhat.com/show_bug.cgi?id=5209902.4 kernels appear to be affected as well, and moreover they appear to require at least some of these older fixes as well: http://marc.info/?l=git-commits-head&m=112002138324380This is commit 9ef1d4c7c7aca1cd436612b6ca785b726ffb8ed8. And linux-2.4.37.y needs the following two patches too: [NETLINK]: Clear padding in netlink messages b3563c4fbff906991a1b4ef4609f99cca2a0de6a [NETLINK]: Missing padding fields in dumped structures 8a47077a0b5aa2649751c46e7a27884e6686ccbf
Thanks Eugene, that's very kind. I have merged all 4 patches and pushed them to the master repo. I'm not releasing right now because those vulns are minor and I still have other issues to fix. Regards, Willy
Current thread:
- Re: CVE request: kernel: tc: uninitialised kernel memory leak Willy Tarreau (Sep 07)
- <Possible follow-ups>
- Re: CVE request: kernel: tc: uninitialised kernel memory leak Eugene Teo (Sep 07)
- Re: CVE request: kernel: tc: uninitialised kernel memory leak Willy Tarreau (Sep 07)
- Re: CVE request: kernel: tc: uninitialised kernel memory leak Steven M. Christey (Sep 16)
- Re: CVE request: kernel: tc: uninitialised kernel memory leak Eugene Teo (Sep 16)
- Re: CVE request: kernel: tc: uninitialised kernel memory leak Willy Tarreau (Sep 16)