
List:       oss-security
Subject:    Re: [oss-security] CVE Request -- kernel: recv{from,msg}() on an rds socket can leak kernel memory
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2012-07-26 16:54:10
Message-ID: 50117632.5080608 () redhat ! com

On 07/26/2012 09:25 AM, Petr Matousek wrote:
> Two similar issues:
> 
> 1) Reported by Jay Fenlason and Doug Ledford: recvfrom() on an RDS
> socket can disclose sizeof(struct sockaddr_storage)-sizeof(struct
> sockaddr_in) bytes of kernel stack to userspace when receiving a
> datagram.
> 
> 2) Reported by Jay Fenlason: recv{from,msg}() on an RDS socket can
> disclose sizeof(struct sockaddr_storage) bytes of kernel stack to
> userspace when other code paths are taken.
> 
> Both issues end in rds_recvmsg() so one CVE is sufficient.
> 
> Upstream commit: 
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=06b6a1cf6e776426766298d055bb3991957d90a7
>  
> Thanks,
> 

Please use CVE-2012-3430 for this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993



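The two disclosure sizes in the quoted report, reproduced in a userspace model. This is an added example, not kernel code and not the upstream commit; `proto_recv`, `leaked_bytes`, the `STALE` marker and the caller's full-buffer default length are assumptions of the model. The hardened branch shows one way to close the leak: report only the bytes that were initialised.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

#define STALE 0xAA /* constructed marker standing in for old stack contents */

/* Hypothetical protocol receive step: writes a sockaddr_in into the address
 * buffer only when a datagram was received. The hardened form reports
 * exactly the number of bytes it initialised. */
static void proto_recv(unsigned char *addr, size_t *namelen,
                       int have_dgram, int hardened)
{
    if (hardened)
        *namelen = 0; /* report nothing unless an address is written */
    if (have_dgram) {
        struct sockaddr_in sin;
        memset(&sin, 0, sizeof(sin));
        sin.sin_family = AF_INET;
        sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
        memcpy(addr, &sin, sizeof(sin));
        if (hardened)
            *namelen = sizeof(sin);
    }
}

/* Counts stale bytes that reach the buffer standing in for userspace. */
size_t leaked_bytes(int have_dgram, int hardened)
{
    unsigned char kstack[sizeof(struct sockaddr_storage)];
    unsigned char user[sizeof(kstack)] = {0};
    size_t namelen = sizeof(kstack); /* assumed caller default: full buffer */
    size_t i, n = 0;
    memset(kstack, STALE, sizeof(kstack)); /* uninitialised stack stand-in */
    proto_recv(kstack, &namelen, have_dgram, hardened);
    memcpy(user, kstack, namelen); /* copy-out of namelen bytes */
    for (i = 0; i < sizeof(user); i++)
        n += (user[i] == STALE);
    return n;
}

int main(void)
{
    printf("unpatched: %zu %zu\n", leaked_bytes(1, 0), leaked_bytes(0, 0));
    printf("hardened:  %zu %zu\n", leaked_bytes(1, 1), leaked_bytes(0, 1));
}
```

The first unpatched figure corresponds to issue 1 (datagram received), the second to issue 2 (no address written at all).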