oss-sec mailing list archives
Re: CVE request: Linux kernel / target information leak
From: cve-assign () mitre org
Date: Wed, 11 Jun 2014 15:15:58 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
an information leak in the rd_mcp backend of the iSCSI target subsystem in the Linux kernel
Introduced in 2.6.38 and fixed in 3.14 with https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc
add explicit memset of pages within rd_allocate_sgl_table() based upon passed 'init_payload' value.
Use CVE-2014-4027. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJTmKpOAAoJEKllVAevmvmsdVsH/RjQUYnVK0zKr7JoC1lSm4MD fQTujx/hCWPFO4LCl1U9N81qAcX/oFUdsoEE0FC0IFnvZ7HEcczatOdX/ciYLX/y onVmwxNYtINWDe5EZtDjS5JvJNdd/e5PEGTLFBhRX3AQSei7VzAhyYlvJIe9SqdC madRM9T5VEhr0mXT9Jr+cS1IppLPrzjnouMr+oHQ1Fztq6EngjWHNpoTqX5nv3QJ U5qILrscWU6VtnJILoj+EycvqnoXoS24ajNIEuD2PeIpQ5jJcABdBrR6b9ZpCYU7 B61ihNP0xa2yzQC+DGX5q/+i5jy9mX3/lJZQzlqB7IZyQaTO9nLFf9CSchNvIok= =9yK1 -----END PGP SIGNATURE-----
Current thread:
- CVE request: Linux kernel / target information leak Moritz Muehlenhoff (Jun 10)
- Re: CVE request: Linux kernel / target information leak cve-assign (Jun 11)