oss-sec mailing list archives
Re: Linux kernel: net/irda/af_irda.c: irda_getsockopt() stack infoleak
From: John Haxby <john.haxby () oracle com>
Date: Mon, 31 Jul 2017 16:03:57 +0100
On 30/07/17 05:47, sohu0106 wrote:
net/irda/af_irda.c Sometimes irda_getsockopt() doesn't initialize all members of list field of irda_device_list struct. This structure is then copied to userland. It leads to leaking of contents of kernel stack memory. We have to initialize them to zero , or it will allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure https://github.com/torvalds/linux/pull/440
Have you requested a CVE for this? jch
Current thread:
- Linux kernel: net/irda/af_irda.c: irda_getsockopt() stack infoleak sohu0106 (Jul 30)
- Re: Linux kernel: net/irda/af_irda.c: irda_getsockopt() stack infoleak John Haxby (Jul 31)
- Re: Linux kernel: net/irda/af_irda.c: irda_getsockopt() stack infoleak Solar Designer (Jul 31)
- Re: Linux kernel: net/irda/af_irda.c: irda_getsockopt() stack infoleak John Haxby (Jul 31)