oss-sec mailing list archives

Re: CVE Request: kernel info leak in tkill/tgkill


From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 04 Jun 2013 12:55:22 -0600

On 06/02/2013 11:56 AM, Marcus Meissner wrote:
Hi,

This small Linux kernel info leak still needs a CVE I think.

b9e146d8eb3b9ecae5086d373b50fa0c1f3e7f0f
Author: Emese Revfy <re.emese () gmail com>
Date:   Wed Apr 17 15:58:36 2013 -0700

kernel/signal.c: stop info leak via the tkill and the tgkill syscalls

This fixes a kernel memory contents leak via the tkill and tgkill
syscalls for compat processes.

This is visible in the siginfo_t->_sifields._rt.si_sigval.sival_ptr
field when handling signals delivered from tkill.

The place of the infoleak:

int copy_siginfo_to_user32(compat_siginfo_t __user *to, siginfo_t *from)
{
	...
	put_user_ex(ptr_to_compat(from->si_ptr), &to->si_ptr);
	...
}

Signed-off-by: Emese Revfy <re.emese () gmail com>
Reviewed-by: PaX Team <pageexec () freemail hu>
Signed-off-by: Kees Cook <keescook () chromium org>
Cc: Al Viro <viro () zeniv linux org uk>
Cc: Oleg Nesterov <oleg () redhat com>
Cc: "Eric W. Biederman" <ebiederm () xmission com>
Cc: Serge Hallyn <serge.hallyn () canonical com>
Cc: <stable () vger kernel org>
Signed-off-by: Andrew Morton <akpm () linux-foundation org>
Signed-off-by: Linus Torvalds <torvalds () linux-foundation org>

Please use CVE-2013-2141 for this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
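
Added example, not part of the original message or the kernel source: a user-space C model of the leak the commit message describes, where a sender fills only some siginfo fields and the compat copy-out reads si_ptr from bytes nobody wrote. The struct layout, all names, the 0xA5 stale-stack marker and zeroing as the remedy are assumptions of this sketch; the message does not show the fix itself.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified stand-in for siginfo_t; not the kernel's layout. */
struct model_siginfo {
    int si_signo, si_errno, si_code;
    union {
        struct { int pid; unsigned uid; } kill;              /* fields a tkill-style sender fills */
        struct { int pid; unsigned uid; uint64_t ptr; } rt;  /* fields the compat copy-out reads */
    } f;
};

#define STALE 0xA5  /* constructed marker byte standing in for old stack contents */

/* Models the sender: only the kill-style fields are written.
 * zero_first is the assumed mitigation (clear the whole struct first). */
static void fill_tkill_info(struct model_siginfo *info, int sig, int zero_first)
{
    if (zero_first)
        memset(info, 0, sizeof(*info));
    info->si_signo = sig;
    info->si_errno = 0;
    info->si_code = -6;          /* SI_TKILL on Linux */
    info->f.kill.pid = 1234;     /* constructed sample values */
    info->f.kill.uid = 1000;
}

/* Models the compat copy-out: the pointer-sized field is truncated to 32 bits. */
static uint32_t copy_ptr_to_compat(const struct model_siginfo *from)
{
    return (uint32_t)from->f.rt.ptr;
}

/* Returns the 32-bit si_ptr value the receiving process would observe. */
uint32_t observed_si_ptr(int zero_first)
{
    struct model_siginfo info;
    memset(&info, STALE, sizeof(info));  /* deterministic "leftover stack data" */
    fill_tkill_info(&info, 10, zero_first);
    return copy_ptr_to_compat(&info);
}

int main(void)
{
    printf("without zeroing: si_ptr = 0x%08x\n", (unsigned)observed_si_ptr(0));
    printf("with zeroing:    si_ptr = 0x%08x\n", (unsigned)observed_si_ptr(1));
    return 0;
}
```

In the model, the marker bytes reach the receiver only when the struct is not cleared before the partial fill, which is the pattern to look for when auditing other siginfo producers.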

