Message-ID: <51AE381A.2030201@redhat.com>
Date: Tue, 04 Jun 2013 12:55:22 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Marcus Meissner <meissner@...e.de>
Subject: Re: CVE Request: kernel info leak in tkill/tgkill

On 06/02/2013 11:56 AM, Marcus Meissner wrote:
> Hi,
>
> This small Linux kernel info leak still needs a CVE I think.
>
> b9e146d8eb3b9ecae5086d373b50fa0c1f3e7f0f
> Author: Emese Revfy <re.emese@...il.com>
> Date: Wed Apr 17 15:58:36 2013 -0700
>
> kernel/signal.c: stop info leak via the tkill and the tgkill syscalls
>
> This fixes a kernel memory contents leak via the tkill and tgkill
> syscalls for compat processes.
>
> This is visible in the siginfo_t->_sifields._rt.si_sigval.sival_ptr
> field when handling signals delivered from tkill.
>
> The place of the infoleak:
>
> int copy_siginfo_to_user32(compat_siginfo_t __user *to, siginfo_t *from)
> {
>         ...
>         put_user_ex(ptr_to_compat(from->si_ptr), &to->si_ptr);
>         ...
> }
>
> Signed-off-by: Emese Revfy <re.emese@...il.com>
> Reviewed-by: PaX Team <pageexec@...email.hu>
> Signed-off-by: Kees Cook <keescook@...omium.org>
> Cc: Al Viro <viro@...iv.linux.org.uk>
> Cc: Oleg Nesterov <oleg@...hat.com>
> Cc: "Eric W. Biederman" <ebiederm@...ssion.com>
> Cc: Serge Hallyn <serge.hallyn@...onical.com>
> Cc: <stable@...r.kernel.org>
> Signed-off-by: Andrew Morton <akpm@...ux-foundation.org>
> Signed-off-by: Linus Torvalds <torvalds@...ux-foundation.org>

Please use CVE-2013-2141 for this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
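
The leak described in the quoted commit message, as an added userland model in C (not kernel code and not part of the original message): a sender fills only the pid/uid fields, yet the compat copy also hands over si_ptr, so whatever the memory held before reaches the receiver. The names model_siginfo, fill_tkill, compat_copy_ptr and observed_si_ptr are hypothetical, the 0xA5 fill is a constructed stand-in for stale kernel memory, and zeroing the structure before filling it is shown as the general remedy for this class of leak.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MODEL_SI_TKILL (-6)  /* same value as Linux SI_TKILL */

/* Flattened model of the siginfo_t fields involved. In the real structure
 * si_pid/si_uid/si_ptr are union members; si_ptr is a void *. */
struct model_siginfo {
    int si_signo, si_errno, si_code;
    int si_pid;
    unsigned si_uid;
    uintptr_t si_ptr;  /* never written by a tkill-style sender */
};

/* Fill only what a tkill-style sender sets; zero_first models the remedy. */
static void fill_tkill(struct model_siginfo *info, int sig, int pid,
                       unsigned uid, int zero_first)
{
    if (zero_first)
        memset(info, 0, sizeof(*info));
    info->si_signo = sig;
    info->si_errno = 0;
    info->si_code = MODEL_SI_TKILL;
    info->si_pid = pid;
    info->si_uid = uid;
}

/* Model of the compat copy: si_ptr is truncated to 32 bits and handed over. */
static uint32_t compat_copy_ptr(const struct model_siginfo *from)
{
    return (uint32_t)from->si_ptr;
}

/* Returns the value a 32-bit receiver would read from si_ptr. */
uint32_t observed_si_ptr(int zero_first)
{
    struct model_siginfo info;
    memset(&info, 0xA5, sizeof(info));  /* constructed stale-memory pattern */
    fill_tkill(&info, 10, 1234, 1000, zero_first);
    return compat_copy_ptr(&info);
}

int main(void)
{
    printf("no zeroing:   si_ptr = 0x%08x\n", (unsigned)observed_si_ptr(0));
    printf("zeroed first: si_ptr = 0x%08x\n", (unsigned)observed_si_ptr(1));
    return 0;
}
```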