oss-sec mailing list archives
CVE-2019-16714: info leak in RDS rds6_inc_info_copy
From: butt3rflyh4ck <butterflyhuangxx () gmail com>
Date: Tue, 24 Sep 2019 18:28:40 +0800
Hi, there is a info leak vulnerability in rds modules in linux kernel. CVE-2019-16714 ================ description: In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized. Fixed in https://github.com/torvalds/linux/commit/7d0a06586b2686ba80c4a2da5f91cb10ffbea736 ================ credit by : the ADLab of venustech.
Current thread:
- CVE-2019-16714: info leak in RDS rds6_inc_info_copy butt3rflyh4ck (Sep 24)