oss-sec mailing list archives
CVE request: Linux kernel - information leak in md driver
From: Benjamin Randazzo <benjamin () randazzo fr>
Date: Tue, 28 Jul 2015 10:40:37 +0200
Hello, In the md driver of the Linux kernel it’s possible to request a bitmap file for a device, but when bitmap is disabled only the first byte of the buffer is initialized to zero, and then it is copied in user space. This results in an information leak. The patch for this issue was applied and committed in linux-next : http://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/?id=77ba0569d4c8389c0a2162ab0c7c16a6f3b199e4 <http://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/?id=77ba0569d4c8389c0a2162ab0c7c16a6f3b199e4> (+ merged: http://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/?id=348470064e7c42cb08f1c9d6e9f0a7d2865b3b79 <http://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/?id=348470064e7c42cb08f1c9d6e9f0a7d2865b3b79>) Could you please generate a CVE id for this? Thanks. Benjamin Randazzo
Current thread:
- CVE request: Linux kernel - information leak in md driver Benjamin Randazzo (Jul 28)
- Re: CVE request: Linux kernel - information leak in md driver cve-assign (Jul 29)