oss-sec mailing list archives

Re: CVE request: Linux kernel / target information leak

From: cve-assign () mitre org
Date: Wed, 11 Jun 2014 15:15:58 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

an information leak in the rd_mcp backend of the iSCSI target
subsystem in the Linux kernel

Introduced in 2.6.38 and fixed in 3.14 with
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc

add explicit memset of pages within rd_allocate_sgl_table() based upon
passed 'init_payload' value.


Use CVE-2014-4027.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTmKpOAAoJEKllVAevmvmsdVsH/RjQUYnVK0zKr7JoC1lSm4MD
fQTujx/hCWPFO4LCl1U9N81qAcX/oFUdsoEE0FC0IFnvZ7HEcczatOdX/ciYLX/y
onVmwxNYtINWDe5EZtDjS5JvJNdd/e5PEGTLFBhRX3AQSei7VzAhyYlvJIe9SqdC
madRM9T5VEhr0mXT9Jr+cS1IppLPrzjnouMr+oHQ1Fztq6EngjWHNpoTqX5nv3QJ
U5qILrscWU6VtnJILoj+EycvqnoXoS24ajNIEuD2PeIpQ5jJcABdBrR6b9ZpCYU7
B61ihNP0xa2yzQC+DGX5q/+i5jy9mX3/lJZQzlqB7IZyQaTO9nLFf9CSchNvIok=
=9yK1
-----END PGP SIGNATURE-----

Current thread:

CVE request: Linux kernel / target information leak Moritz Muehlenhoff (Jun 10)
- Re: CVE request: Linux kernel / target information leak cve-assign (Jun 11)