
List:       oss-security
Subject:    [oss-security] CVE-2019-16714: info leak in RDS rds6_inc_info_copy
From:       butt3rflyh4ck <butterflyhuangxx () gmail ! com>
Date:       2019-09-24 10:28:40
Message-ID: CAFcO6XOjcW7g=sS6DbjRY983i1nteHyA2nNBK_+Gbj6OmFVNXQ () mail ! gmail ! com


Hi, there is an info leak vulnerability in the rds modules in the Linux kernel.

CVE-2019-16714
================
description:

In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c
allows attackers to obtain sensitive information from kernel stack memory
because tos and flags fields are not initialized.


Fixed in
https://github.com/torvalds/linux/commit/7d0a06586b2686ba80c4a2da5f91cb10ffbea736

================

credit by :

the ADLab of venustech.
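
The bug class described in the advisory, shown as an added example that is not part of the original post or the kernel source: a record on the stack is copied out whole although two of its members were never written. The struct layout, the function names, the sample values and the 0xA5 stale-byte marker are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xA5 /* constructed marker standing in for leftover stack bytes */

/* Hypothetical, simplified record; NOT the kernel's struct layout. */
struct info_msg {
    uint64_t seq;
    uint32_t len;
    uint16_t lport;
    uint8_t  flags;
    uint8_t  tos;
};
_Static_assert(sizeof(struct info_msg) == 16, "layout chosen to have no padding");

typedef void (*fill_fn)(struct info_msg *, uint64_t, uint32_t, uint16_t, uint8_t);

/* Before: flags and tos are never assigned, so the slot's old contents survive. */
static void fill_vulnerable(struct info_msg *m, uint64_t seq, uint32_t len,
                            uint16_t lport, uint8_t conn_tos)
{
    (void)conn_tos;
    m->seq = seq; m->len = len; m->lport = lport;
}

/* After: zero the whole record first, then assign every member explicitly. */
static void fill_hardened(struct info_msg *m, uint64_t seq, uint32_t len,
                          uint16_t lport, uint8_t conn_tos)
{
    memset(m, 0, sizeof(*m));
    m->seq = seq; m->len = len; m->lport = lport;
    m->flags = 0; m->tos = conn_tos;
}

/* Poison a slot, fill it, copy it out whole, count stale bytes that escaped. */
static size_t leaked_bytes(fill_fn fill)
{
    struct info_msg slot;
    unsigned char out[sizeof(slot)];
    size_t i, n = 0;
    memset(&slot, STALE, sizeof(slot)); /* models data left by earlier calls */
    fill(&slot, 7, 1500, 4000, 0x10);   /* constructed sample values */
    memcpy(out, &slot, sizeof(slot));   /* models the copy to the caller */
    for (i = 0; i < sizeof(out); i++) n += (out[i] == STALE);
    return n;
}

int main(void)
{
    printf("vulnerable: %zu stale bytes\n", leaked_bytes(fill_vulnerable));
    printf("hardened:   %zu stale bytes\n", leaked_bytes(fill_hardened));
    return 0;
}
```

Zeroing the record before filling it also covers padding bytes in layouts that have them, which member-by-member assignment alone does not.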

