oss-sec mailing list archives
Re: CVE Request: kernel information leak vulnerability in Linux sound module
From: cve-assign () mitre org
Date: Mon, 9 May 2016 19:29:09 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
http://comments.gmane.org/gmane.linux.kernel/2214250 The stack object "tread" has a total size of 32 bytes. Its field "event" and "val" both contain 4 bytes padding. These 8 bytes padding bytes are sent to user without being initialized.
Use CVE-2016-4569. This is not yet available at http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/sound/core/timer.c but may be there later. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJXMRzFAAoJEHb/MwWLVhi2mMAP/3G1B/9smkpGJB5/VGfvpifs Nzkd+Jy6CHSi+Q0A91h1YdTrLwtFQMffVo0keZd8gYarApxSpA8qiRVK1sc3bsZ6 Um9NW+4dVLjUZ+RjQ0RjDMjKWbTHFyzZC8Z8DiY8ZXMzpY4UaylEVP9auSCUXvmq 4p8guXW+6PdoaDarFqTVW/fpSfk2gHFxbkWZ602xUdXTn8ZGkItv25dvtVgp21IP zOfaZmZG+yPjOPCMEQNm3TcuJ7jFeq/KpsuLmtyY/EOBUNqZpRtJBtEPTMMkxlNZ BaDuV1SrJsXu7ZDsfdz+Yx+57Wa/gDkOsVnFlJyTR6NOrtJfjwJG+dYZYAA0bg4N KliqQTCOhGGkPGOB52zRg9UYg+7d/dEqcL2oP6Xuvr74aY1CZepbD+zDMkympXuQ Wu93c5Hh05g3xOwNj+90s3u8DQ0sDJlfizUXWbStEmBJNwno6y/HjSVJqs/vjZWk ERyWZd4vkVGbt4rBoTCNdxUi+V1k04xQGM6dF1XUSQd4rhQ0HJKRva10ac90JVSx pt/KPWxL89MxWLOmHP5VdIHFoQyFre4a4fOzFMovixB0RJsm5/iZ3lAKPc0RKsu6 ZgtaujTVAkMAtFM0tfCybSI++JEsYIMV5Rr9cNkSYSVZYKbn0A+i+mH3luREBJyF 6rS0YTVBB5kAR9DgUc2n =I4nm -----END PGP SIGNATURE-----
Current thread:
- CVE Request: kernel information leak vulnerability in Linux sound module Kangjie Lu (May 08)
- Re: CVE Request: kernel information leak vulnerability in Linux sound module cve-assign (May 09)
- Re: Re: CVE Request: kernel information leak vulnerability in Linux sound module Steve Beattie (May 10)
- Re: CVE Request: kernel information leak vulnerability in Linux sound module cve-assign (May 09)