oss-sec mailing list archives
CVE Request: kernel information leak vulnerability in Linux sound module
From: Kangjie Lu <kangjielu () gmail com>
Date: Sun, 8 May 2016 18:16:50 -0400
Hello, In file sound/core/timer.c of the latest mainline Linux kernel, the stack object “tread” has a total size of 32 bytes. It contains a 8-bytes padding, which is not initialized but sent to user via copy_to_user, resulting a kernel leak. Fix info: http://comments.gmane.org/gmane.linux.kernel/2214250 Please help assign a CVE to this vulnerability. Thanks, Kangjie Lu
Current thread:
- CVE Request: kernel information leak vulnerability in Linux sound module Kangjie Lu (May 08)
- Re: CVE Request: kernel information leak vulnerability in Linux sound module cve-assign (May 09)
- Re: Re: CVE Request: kernel information leak vulnerability in Linux sound module Steve Beattie (May 10)
- Re: CVE Request: kernel information leak vulnerability in Linux sound module cve-assign (May 09)