oss-sec mailing list archives
CVE Request: Linux Kernel: information leak from getsockname
From: Marcus Meissner <meissner () suse de>
Date: Tue, 15 Dec 2015 15:30:02 +0100
Hi,

spotted by grsecurity
https://twitter.com/grsecurity/status/676744240802750464
https://lkml.org/lkml/2015/12/14/252
http://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=09ccfd238e5a0e670d8178cf50180ea81ae09ae1

getsockname() for some socket families did not check the length of the passed sockaddr, copying out more kernel memory than required, leaking information from the kernel stack, including kernel addresses.

This can be used for KASLR bypass or other information leaks.

Ciao, Marcus
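
A userspace model of the bug class described in the message above, added here as an illustration; it is not code from the post or from the kernel patch. It assumes one way an unchecked sockaddr length can end up copied out by getsockname(): the names demo_addr, demo_sock, do_bind, do_getsockname and leaked_bytes are hypothetical, and the 0xAA marker stands in for stale kernel stack contents.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical family-specific address: 32 bytes, no padding. */
struct demo_addr { unsigned short family; unsigned char data[30]; };
struct demo_sock { struct demo_addr bound; };
#define STALE 0xAA  /* constructed marker standing in for old stack contents */
/* Models bind(): addr_len caller bytes land in a stack buffer; the handler reads a full struct. */
static int do_bind(struct demo_sock *sk, const void *uaddr, size_t addr_len,
                   int check_len)
{
    unsigned char kbuf[sizeof(struct demo_addr)];
    memset(kbuf, STALE, sizeof(kbuf));
    if (addr_len > sizeof(kbuf))
        return -EINVAL;
    memcpy(kbuf, uaddr, addr_len);
    /* Hardened form: reject addresses shorter than what will be read. */
    if (check_len && addr_len < sizeof(struct demo_addr))
        return -EINVAL;
    memcpy(&sk->bound, kbuf, sizeof(sk->bound));
    return 0;
}

/* Models getsockname(): hands the stored address back to the caller. */
static void do_getsockname(const struct demo_sock *sk, unsigned char *out)
{
    memcpy(out, &sk->bound, sizeof(sk->bound));
}

/* Stale bytes visible after a 2-byte bind, or -1 when the bind is rejected. */
int leaked_bytes(int check_len)
{
    struct demo_sock sk = {0};
    unsigned char out[sizeof(struct demo_addr)], shortaddr[2] = {1, 0};
    int n = 0;
    if (do_bind(&sk, shortaddr, sizeof(shortaddr), check_len) != 0)
        return -1;
    do_getsockname(&sk, out);
    for (size_t i = sizeof(shortaddr); i < sizeof(out); i++)
        n += (out[i] == STALE);
    return n;
}

int main(void)
{
    printf("unchecked: %d stale bytes, checked: %d\n", leaked_bytes(0), leaked_bytes(1));
    return 0;
}
```

Without the length check, every byte past the two the caller supplied comes back as stale buffer contents; with it, the short address is rejected before anything is stored.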
Current thread:
- CVE Request: Linux Kernel: information leak from getsockname Marcus Meissner (Dec 15)
- Re: CVE Request: Linux Kernel: information leak from getsockname cve-assign (Dec 15)
- Re: Re: CVE Request: Linux Kernel: information leak from getsockname Marcus Meissner (Dec 16)
- Re: CVE Request: Linux Kernel: information leak from getsockname cve-assign (Dec 16)
- Re: Re: CVE Request: Linux Kernel: information leak from getsockname Marcus Meissner (Dec 16)
- Re: CVE Request: Linux Kernel: information leak from getsockname cve-assign (Dec 15)