[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] Linux kernel: net/irda/af_irda.c: irda_getsockopt() stack infoleak
From: Solar Designer <solar () openwall ! com>
Date: 2017-07-31 15:24:10
Message-ID: 20170731152410.GA8881 () openwall ! com
[Download RAW message or body]
On Mon, Jul 31, 2017 at 04:03:57PM +0100, John Haxby wrote:
> On 30/07/17 05:47, sohu0106 wrote:
> > net/irda/af_irda.c
> >
> > Sometimes irda_getsockopt() doesn't initialize all members of list field of \
> > irda_device_list struct. This structure is then copied to userland. It leads to leaking \
> > of contents of kernel stack memory. We have to initialize them to zero , or it will allows \
> > local users to obtain potentially sensitive information from kernel stack memory by reading \
> > a copy of this structure
> > https://github.com/torvalds/linux/pull/440
>
> Have you requested a CVE for this?
Both messages sohu0106 posted initially had the Subject of "CVE request:
kernel stack infoleaks", which I changed to the two more specific
Subjects before approving the messages. (I do that to especially
non-descriptive Subjects from time to time, as long as the messages were
not CC'ed to elsewhere. I leave message bodies entirely intact.)
Thus, sohu0106 wanted to request the CVEs from this list, and apparently
didn't request them elsewhere. sohu0106, this list is no longer a place
to request CVEs from, but we appreciate the vulnerability notifications.
You may request the CVEs from https://cveform.mitre.org and then post
them in here, "replying" to your own messages on the list.
sohu0106, have you also reported these issues upstream? For the
net/irda/af_irda.c issue, from the MAINTAINERS file:
IRDA SUBSYSTEM
M: Samuel Ortiz <samuel@sortiz.org>
L: irda-users@lists.sourceforge.net (subscribers-only)
L: netdev@vger.kernel.org
W: http://irda.sourceforge.net/
S: Maintained
T: git git://git.kernel.org/pub/scm/linux/kernel/git/sameo/irda-2.6.git
F: Documentation/networking/irda.txt
F: drivers/net/irda/
F: include/net/irda/
F: net/irda/
For the driver/video/fbdev/aty/atyfb_base.c issue I guess it's
linux-fbdev@vger.kernel.org, although there's no perfect match for that
filename. In both cases, CC the messages to LKML.
Alexander
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic