Re: CVE request: kernel: numerous infoleaks

[Dan Rosenberg <dan.j.rosenberg () gmail com>]

Jeff Mahoney correctly pointed out that the first case
(drivers/net/tulip/de4x5.c) is not a security issue because the copied
data is from a union, not a struct.  I've gone through these again to
confirm that the remaining three are actually security issues.

Therefore, CVE-2010-3295 should be marked as invalid.

-Dan

On Tue, Sep 14, 2010 at 3:26 PM, Josh Bressers <bressers () redhat com> wrote:
> ----- "Eugene Teo" <eugene () redhat com> wrote:
>
> > Reported by Dan Rosenberg,
> >
> > drivers/net/tulip/de4x5.c: reading uninitialized stack memory
> > http://lkml.org/lkml/2010/9/11/169
> > https://bugzilla.redhat.com/633158
>
> CVE-2010-3295
>
> > drivers/net/cxgb3/cxgb3_main.c reading uninitialized stack memory
> > http://lkml.org/lkml/2010/9/11/170
> > introduced in 4d22de3e (v2.6.21-rc2)
> > https://bugzilla.redhat.com/633149
>
> CVE-2010-3296
>
> > drivers/net/eql.c: reading uninitialized stack memory
> > http://lkml.org/lkml/2010/9/11/168
> > https://bugzilla.redhat.com/633145
>
> CVE-2010-3297
>
> > drivers/net/usb/hso.c: reading uninitialized memory
> > http://lkml.org/lkml/2010/9/11/167
> > introduced in 542f5482 (v2.6.29-rc1)
> > https://bugzilla.redhat.com/633140
>
> CVE-2010-3298
>
> Thanks.
>
> --
>    JB