Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 3 Nov 2010 18:19:56 -0400
From: Dan Rosenberg <>
Subject: CVE request: kernel: CAN information leak

The CAN protocol uses the address of a kernel heap object as a proc
filename, revealing information that could be useful during

The below post also mentions a heap overflow.  While there is a
semantic overflow (17 bytes being copied into a 9-byte buffer), in
reality, the object whose member is being overflowed resides in a
kernel heap slab cache that includes enough padding that there is no
possible corruption.  So, it's a bug but not a vulnerability.



Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ