oss-sec mailing list archives
CVE request: Linux kernel: nfs: information leakage
From: P J P <ppandit () redhat com>
Date: Thu, 20 Feb 2014 15:04:11 +0530 (IST)
Hello,Linux kernel build with the NFS file system(CONFIG_NFS_FS) along with the support for NFSv4 protocol(CONFIG_NFS_V4) is vulnerable to an information leakage flaw. It could occur while writing to a file wherein NFS server has offered write delegation to the client. Such delegation allows NFS client to perform the said operation locally without instant interaction with the server.
A user/program could use this flaw to leak kernel memory bytes. Upstream fix: ------------- -> https://git.kernel.org/linus/263b4509ec4d47e0da3e753f85a39ea12d1eff24 Reference: ---------- -> https://bugzilla.redhat.com/show_bug.cgi?id=1067341 Thank you. -- Prasad J Pandit / Red Hat Security Response Team
Current thread:
- CVE request: Linux kernel: nfs: information leakage P J P (Feb 20)
- Re: CVE request: Linux kernel: nfs: information leakage cve-assign (Feb 20)
- Re: Re: CVE request: Linux kernel: nfs: information leakage P J P (Feb 20)
- Re: CVE request: Linux kernel: nfs: information leakage cve-assign (Feb 20)