oss-sec mailing list archives
Re: CVE Request: kernel info leak in tkill/tgkill
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 04 Jun 2013 12:55:22 -0600
On 06/02/2013 11:56 AM, Marcus Meissner wrote:
> Hi,
>
> This small Linux kernel info leak still needs a CVE, I think.
>
> b9e146d8eb3b9ecae5086d373b50fa0c1f3e7f0f
> Author: Emese Revfy <re.emese () gmail com>
> Date: Wed Apr 17 15:58:36 2013 -0700
>
>     kernel/signal.c: stop info leak via the tkill and the tgkill syscalls
>
>     This fixes a kernel memory contents leak via the tkill and tgkill syscalls
>     for compat processes.
>
>     This is visible in the siginfo_t->_sifields._rt.si_sigval.sival_ptr field
>     when handling signals delivered from tkill.
>
>     The place of the infoleak:
>
>     int copy_siginfo_to_user32(compat_siginfo_t __user *to, siginfo_t *from)
>     {
>             ...
>             put_user_ex(ptr_to_compat(from->si_ptr), &to->si_ptr);
>             ...
>     }
>
>     Signed-off-by: Emese Revfy <re.emese () gmail com>
>     Reviewed-by: PaX Team <pageexec () freemail hu>
>     Signed-off-by: Kees Cook <keescook () chromium org>
>     Cc: Al Viro <viro () zeniv linux org uk>
>     Cc: Oleg Nesterov <oleg () redhat com>
>     Cc: "Eric W. Biederman" <ebiederm () xmission com>
>     Cc: Serge Hallyn <serge.hallyn () canonical com>
>     Cc: <stable () vger kernel org>
>     Signed-off-by: Andrew Morton <akpm () linux-foundation org>
>     Signed-off-by: Linus Torvalds <torvalds () linux-foundation org>

Please use CVE-2013-2141 for this issue.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
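
Added illustration, not part of the original message or of the kernel patch: a user-space C model of the leak the quoted commit message describes, assuming the sender fills the signal info field by field without clearing the structure first. All model_* names and the 0xA5 fill (a constructed stand-in for stale kernel stack bytes) are hypothetical; only copy_siginfo_to_user32, si_ptr and sival_ptr come from the message.

```c
#include <stdint.h>
#include <string.h>

#define MODEL_SI_TKILL (-6)  /* si_code Linux uses for tkill/tgkill signals */

/* Flattened stand-in for the siginfo_t fields involved (hypothetical names);
 * the kernel keeps these in overlapping union members of siginfo_t. */
struct model_siginfo {
    int si_signo, si_code, pid;
    uintptr_t sival_ptr;     /* models si_sigval.sival_ptr; the sender never sets it */
};

/* 32-bit layout handed to a compat process. */
struct model_compat_siginfo {
    int si_signo, si_code, pid;
    uint32_t si_ptr;
};

/* Sender side: fills only the fields a tkill-style signal defines. */
static void model_fill_tkill(struct model_siginfo *info, int sig, int pid,
                             int clear_first)
{
    if (clear_first)
        memset(info, 0, sizeof(*info));   /* hardened: no stale bytes survive */
    info->si_signo = sig;
    info->si_code = MODEL_SI_TKILL;
    info->pid = pid;
}

/* Receiver side: like copy_siginfo_to_user32(), it copies the pointer field too. */
static void model_copy_to_compat(struct model_compat_siginfo *to,
                                 const struct model_siginfo *from)
{
    to->si_signo = from->si_signo;
    to->si_code = from->si_code;
    to->pid = from->pid;
    to->si_ptr = (uint32_t)from->sival_ptr;   /* stands in for ptr_to_compat() */
}

/* Returns the si_ptr value the 32-bit receiver would observe. */
uint32_t model_deliver(int clear_first)
{
    struct model_siginfo info;
    struct model_compat_siginfo out;
    memset(&info, 0xA5, sizeof(info));    /* constructed stale stack contents */
    model_fill_tkill(&info, 10, 1234, clear_first);
    model_copy_to_compat(&out, &info);
    return out.si_ptr;
}
```

Without the clear, the receiver sees whatever bytes were left in the structure; with it, the field reads as zero.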