oss-sec mailing list archives
Re: CVE request: Kernel MSM - Memory leak in drivers/base/genlock.c
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 25 Nov 2013 14:39:48 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/25/2013 05:12 AM, Jonathan Salwan wrote:
Hello, The Genlock driver does not properly initialize all members of a structure before copying it to user space. This allows a local attacker to obtain potentially sensitive information from kernel stack memory via ioctl system calls.
This should be classified as CWE-200 Information Disclosure, "memory leak" refers to memory being used and not released properly, resulting in out of memory conditions.
Upstream fixes: https://www.codeaurora.org/cgit/quic/la/kernel/msm/commit/drivers/base/genlock.c?id=e3c43027bdb59f03eec7ead0a01c77e4bf801625&h=jb_3.2.3 Could you please assign a CVE id for this issue? Thanks, - Jonathan
Please use CVE-2013-6392 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) iQIcBAEBAgAGBQJSk8OkAAoJEBYNRVNeJnmTlEUP/1TrJoUCoRFq3Yq6y60Yzc0J W0xPsRy4HvT74bXg0VzwymuzIue9LqzzDlEFPSPDPDF3iEpXiLCOjLwvhu7FE03X YSnfCqIcTtaMDUBsFNDCq5Ze7I82O8ttu3ThSqaURcS8BPKYNqhJ3U+lUh8CUI1k myMbAmec+pUvg2HhEd8eeL3VIL2TmbIK8weI19EM9JdV/pG1m4lwpKXcui7L68ax F6kX9ZLsETN0OL5DXthKStg79eD/8rO5gptQ/Ks1QqRooUzzeTW9iCTlQ8qHrpEz V7o/2M4nKNVvneBnDXDQrTSo4+xiMSm74BA/k5qdm8nWHJOHXFUJD+m+F9Cgfjap YKAxqOrIUzCz/8ffm3En+yMdXcZyALfHqMauLzRIumNkzGrVHZsZKHus76hHNd4B SbUoosGKUw9ZBhajE3KIzjnir6kVnz2GS7HCL3RvTt0/Hbqfo8Q8dOYrM/Ffxj08 0MiWQ3epvuwrvsSYzcA3kSA9eytnKiv/qqDO1Y7w5vhqJNf5Tkh6I1gN9IaC/ZYV dVGCRxMQwqeLH6enMXZrEmb/y5ko0gS68AW6fA8K/7PH1GGBofyh1a0ufDQx0rQW iLjZ++Swo6k16LUHIY2o1G3mBfqdeGizC4tOrWfK4DTFJFoZFK+K7zfkw09YoS/B rt7xxAwqZzf9TA90DQEs =htq/ -----END PGP SIGNATURE-----
Current thread:
- CVE request: Kernel MSM - Memory leak in drivers/base/genlock.c Jonathan Salwan (Nov 25)
- Re: CVE request: Kernel MSM - Memory leak in drivers/base/genlock.c Kurt Seifried (Nov 25)
- RE: CVE request: Kernel MSM - Memory leak in drivers/base/genlock.c Christey, Steven M. (Nov 25)
- Re: CVE request: Kernel MSM - Memory leak in drivers/base/genlock.c Seth Arnold (Nov 25)
- Re: CVE request: Kernel MSM - Memory leak in drivers/base/genlock.c Ramon de C Valle (Nov 25)
- RE: CVE request: Kernel MSM - Memory leak in drivers/base/genlock.c Christey, Steven M. (Nov 25)
- Re: CVE request: Kernel MSM - Memory leak in drivers/base/genlock.c Kurt Seifried (Nov 25)