Date: Wed, 16 Feb 2011 08:46:22 -0500 (EST) From: Josh Bressers <bressers@...hat.com> To: oss-security@...ts.openwall.com Cc: "Steven M. Christey" <coley@...us.mitre.org> Subject: Re: CVE request - kernel: xfs infoleak ----- Original Message ----- > From Dan R0s3nbug5, "The FSGEOMETRY_V1 ioctl (and its compat equivalent) > calls out to xfs_fs_geometry() with a version number of 3. This code > path does not fill in the logsunit member of the passed xfs_fsop_geom_t, > leading to the leaking of four bytes of uninitialized stack data to > potentially unprivileged callers. Since all other members are filled in > all code paths and there are no padding bytes in this structure, it's > safe to avoid an expensive memset() in favor of just clearing this one > field." > > https://patchwork.kernel.org/patch/555461/ > https://bugzilla.redhat.com/show_bug.cgi?id=677260 > Please use CVE-2011-0711. Thanks. -- JB
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ