oss-sec mailing list archives
Re: CVE Request: Earlier AF_KEY in key_notify_policy_flush
From: Marcus Meissner <meissner () suse de>
Date: Wed, 3 Jul 2013 18:35:33 +0200
On Wed, Jul 03, 2013 at 11:02:13AM +0200, Marcus Meissner wrote:
Hi, Michal Hocko identified an earlier patch for an AF_KEY information leak, in nearly the same place as CVE-2013-2234.
URL: https://github.com/torvalds/linux/commit/85dfb745ee40232876663ae206cba35f24ab2a40
Due to different time of fix and different researcher probably
needs a new CVE.
Ciao, Marcus
commit 85dfb745ee40232876663ae206cba35f24ab2a40
Author: Nicolas Dichtel <nicolas.dichtel () 6wind com>
Date: Mon Feb 18 16:24:20 2013 +0100
af_key: initialize satype in key_notify_policy_flush()
This field was left uninitialized. Some user daemons perform check against this
field.
Signed-off-by: Nicolas Dichtel <nicolas.dichtel () 6wind com>
Signed-off-by: Steffen Klassert <steffen.klassert () secunet com>
Current thread:
- CVE Request: Earlier AF_KEY in key_notify_policy_flush Marcus Meissner (Jul 03)
- Re: CVE Request: Earlier AF_KEY in key_notify_policy_flush Marcus Meissner (Jul 03)
- Re: CVE Request: Earlier AF_KEY in key_notify_policy_flush Kurt Seifried (Jul 03)
- Re: CVE Request: Earlier AF_KEY in key_notify_policy_flush Marcus Meissner (Jul 03)