List:       oss-security
Subject:    Re: [oss-security] CVE request: kernel: memory disclosure in SO_BSDCOMPAT
From:       Eugene Teo <eugene () redhat ! com>
Date:       2009-02-25 2:06:28
Message-ID: 49A4A7A4.7040800 () redhat ! com

Eugene Teo wrote:
> Steven M. Christey wrote:
>> ======================================================
>> Name: CVE-2009-0676
> [...]
>> The sock_getsockopt function in net/core/sock.c in the Linux kernel
>> before 2.6.28.6 does not initialize a certain structure member, which
>> allows local users to obtain potentially sensitive information from
>> kernel memory via an SO_BSDCOMPAT getsockopt request.
> 
> The fix for CVE-2009-0676 (upstream commit df0bca04) is incomplete. Note 
> that the same problem of leaking kernel memory will reappear if someone 
> on some architecture uses struct timeval with some internal padding (for 
> example tv_sec 64-bit and tv_usec 32-bit) --- then, you are going to 
> leak the padded bytes to userspace.
> 
> net: amend the fix for SO_BSDCOMPAT gsopt infoleak
> http://marc.info/?l=linux-kernel&m=123540732700371&w=2
> http://marc.info/?l=linux-netdev&m=123543237010175&w=2

Upstream commit: 50fee1dec5d71b8a14c1b82f2f42e16adc227f8b.

Thanks, Eugene
-- 
Eugene Teo / Red Hat Security Response Team
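
Added example, not part of the original message and not kernel code: a userspace C simulation of the padding leak described in the quoted text, using a hypothetical struct with a 64-bit tv_sec and a 32-bit tv_usec. The names padded_timeval, STALE and stale_bytes_copied are assumptions made for illustration; zeroing the whole buffer before filling the members is shown as the mitigation.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout from the message: 64-bit tv_sec, 32-bit tv_usec. */
struct padded_timeval {
    int64_t tv_sec;
    int32_t tv_usec;
};

#define STALE 0xAA /* constructed marker standing in for old stack contents */

/* Bytes of the struct that belong to no member. */
static size_t padding_bytes(void)
{
    return sizeof(struct padded_timeval) - sizeof(int64_t) - sizeof(int32_t);
}

/* Simulate a getsockopt-style handler: fill the members of an on-stack
 * value, then copy sizeof(struct) bytes to the caller's buffer.
 * Returns how many stale bytes reached the caller. */
static size_t stale_bytes_copied(unsigned char *user, int zero_first)
{
    unsigned char kbuf[sizeof(struct padded_timeval)];
    int64_t sec = 1;   /* constructed sample values, no 0xAA bytes */
    int32_t usec = 2;
    size_t i, leaked = 0;

    memset(kbuf, STALE, sizeof(kbuf));      /* leftover stack data */
    if (zero_first)
        memset(kbuf, 0, sizeof(kbuf));      /* mitigation: clear everything */
    memcpy(kbuf + offsetof(struct padded_timeval, tv_sec), &sec, sizeof(sec));
    memcpy(kbuf + offsetof(struct padded_timeval, tv_usec), &usec, sizeof(usec));
    memcpy(user, kbuf, sizeof(kbuf));       /* stands in for copy_to_user() */

    for (i = 0; i < sizeof(kbuf); i++)
        if (user[i] == STALE)
            leaked++;
    return leaked;
}

int main(void)
{
    unsigned char out[sizeof(struct padded_timeval)];
    printf("padding %zu, members only %zu, zeroed first %zu\n",
           padding_bytes(), stale_bytes_copied(out, 0), stale_bytes_copied(out, 1));
    return 0;
}
```

On an ABI that aligns int64_t to 8 bytes the struct is 16 bytes with 4 bytes of tail padding, so the members-only path hands 4 stale bytes to the caller; where the struct has no padding both paths report 0.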