oss-sec mailing list archives

Re: CVE Request: information leak in devio of Linux kernel


From: cve-assign () mitre org
Date: Wed, 4 May 2016 01:28:40 -0400 (EDT)

In the USB module (drivers/usb/core/devio.c), the stack object "ci" has a
total size of 8 bytes. Its last 3 bytes are padding bytes which are not
initialized and leaked to userland.

http://www.spinics.net/lists/linux-usb/msg140243.html

https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/log/drivers/usb/core/devio.c
(not yet there; probably soon)

Use CVE-2016-4482.

-- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
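
Added example (not part of the original message or the kernel source): a userland C demonstration of the leak described in the message above. The struct's field layout is assumed to match struct usbdevfs_connectinfo, the 0xAA marker and the field values are constructed, and memcpy() stands in for the copy to userland; zeroing the object before filling it is shown as the standard mitigation.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed to mirror the field layout of struct usbdevfs_connectinfo. */
struct connectinfo {
    unsigned int  devnum;
    unsigned char slow;
    /* 3 bytes of tail padding follow on common ABIs (sizeof == 8) */
};

#define STALE 0xAA  /* constructed marker standing in for old stack data */

/* Count padding bytes in the copied-out image that still hold stale data. */
static size_t stale_padding_bytes(const unsigned char *img)
{
    size_t first_pad = offsetof(struct connectinfo, slow) + sizeof(unsigned char);
    size_t n = 0;
    for (size_t i = first_pad; i < sizeof(struct connectinfo); i++)
        if (img[i] == STALE)
            n++;
    return n;
}

/* Fill the object and copy all sizeof(ci) bytes out.
 * zero_first == 0: only the named fields are written (leaky pattern).
 * zero_first == 1: the whole object is cleared first (hardened pattern). */
size_t fill_and_copy(int zero_first, unsigned char *out)
{
    struct connectinfo ci;
    memset(&ci, STALE, sizeof(ci));   /* simulate a dirty stack slot */
    if (zero_first)
        memset(&ci, 0, sizeof(ci));   /* clears the padding bytes too */
    ci.devnum = 5;                    /* constructed sample values */
    ci.slow = 1;
    memcpy(out, &ci, sizeof(ci));     /* stands in for copy_to_user() */
    return stale_padding_bytes(out);
}

int main(void)
{
    unsigned char out[sizeof(struct connectinfo)];
    printf("sizeof(ci)   = %zu\n", sizeof(struct connectinfo));
    printf("fields only  : %zu stale padding bytes copied\n", fill_and_copy(0, out));
    printf("memset first : %zu stale padding bytes copied\n", fill_and_copy(1, out));
    return 0;
}
```

The same check (bytes of the copied object not covered by any named field) is what to look for when reviewing other handlers that copy a stack struct to userland by sizeof.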

