Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4AA47ECD.1030002@kernel.sg>
Date: Mon, 07 Sep 2009 11:32:29 +0800
From: Eugene Teo <eugeneteo@...nel.sg>
To: oss-security@...ts.openwall.com
CC: Willy Tarreau <w@....eu>, "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE request: kernel: tc: uninitialised kernel
 memory leak

Solar Designer wrote:
> On Thu, Sep 03, 2009 at 11:45:03AM +0800, Eugene Teo wrote:
>> Three bytes of uninitialised kernel memory are currently leaked to user.
>>
>> http://patchwork.ozlabs.org/patch/32830/
>> https://bugzilla.redhat.com/show_bug.cgi?id=520990
> 
> 2.4 kernels appear to be affected as well, and moreover they appear to
> require at least some of these older fixes as well:
> 
> http://marc.info/?l=git-commits-head&m=112002138324380

This is commit 9ef1d4c7c7aca1cd436612b6ca785b726ffb8ed8.

And linux-2.4.37.y needs the following two patches too:

[NETLINK]: Clear padding in netlink messages
b3563c4fbff906991a1b4ef4609f99cca2a0de6a

[NETLINK]: Missing padding fields in dumped structures
8a47077a0b5aa2649751c46e7a27884e6686ccbf

Thanks, Eugene

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.