oss-sec mailing list archives
CVE Request: Linux kernel: net: uninitialised memory leakage
From: P J P <ppandit () redhat com>
Date: Thu, 28 Nov 2013 23:10:46 +0530 (IST)
Hello,Linux kernel built with the networking support(CONFIG_NET), is vulnerable to a memory leakage flaw. It occurs while doing the recvmsg(2), recvfrom(2), recvmmsg(2) socket calls.
A user/program could use this flaw to leak kernel memory bytes. Upstream fix: ------------- -> https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=bceaa90240b6019ed73b49965eac7d167610be69 Reference: ---------- -> https://bugzilla.redhat.com/show_bug.cgi?id=1035875 Thank you. -- Prasad J Pandit / Red Hat Security Response Team
Current thread:
- CVE Request: Linux kernel: net: uninitialised memory leakage P J P (Nov 28)
- Re: CVE Request: Linux kernel: net: uninitialised memory leakage Kurt Seifried (Nov 28)
- Re: CVE Request: Linux kernel: net: uninitialised memory leakage Hannes Frederic Sowa (Nov 28)