|
Message-Id: <F696688A-7DBF-4218-9FDB-C73194148E93@randazzo.fr> Date: Tue, 28 Jul 2015 10:40:37 +0200 From: Benjamin Randazzo <benjamin@...dazzo.fr> To: oss-security@...ts.openwall.com Subject: CVE request: Linux kernel - information leak in md driver Hello, In the md driver of the Linux kernel it’s possible to request a bitmap file for a device, but when bitmap is disabled only the first byte of the buffer is initialized to zero, and then it is copied in user space. This results in an information leak. The patch for this issue was applied and committed in linux-next : http://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/?id=77ba0569d4c8389c0a2162ab0c7c16a6f3b199e4 <http://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/?id=77ba0569d4c8389c0a2162ab0c7c16a6f3b199e4> (+ merged: http://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/?id=348470064e7c42cb08f1c9d6e9f0a7d2865b3b79 <http://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/?id=348470064e7c42cb08f1c9d6e9f0a7d2865b3b79>) Could you please generate a CVE id for this? Thanks. Benjamin Randazzo
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.