oss-sec mailing list archives

CVE Request -- kernel stack disclosure in binfmt_script load_script()


From: P J P <ppandit () redhat com>
Date: Fri, 19 Oct 2012 17:58:12 +0530 (IST)



A memory disclosure flaw has been found in the way binfmt_script load_script() function handled excessive recursions. An unprivileged local user could use this flaw to leak kernel memory.

Proposed upstream fix:
 - https://lkml.org/lkml/2012/9/23/29

References:
 - https://lkml.org/lkml/2012/8/18/75
 - http://www.halfdog.net/Security/2012/LinuxKernelBinfmtScriptStackDataDisclosure/

Thank you.
--
Prasad J Pandit / Red Hat Security Response Team
DB7A 84C5 D3F9 7CD1 B5EB  C939 D048 7860 3655 602B


