Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-Id: <20151021214927.7D7506C0087@smtpvmsrv1.mitre.org>
Date: Wed, 21 Oct 2015 17:49:27 -0400 (EDT)
From: cve-assign@...re.org
To: speirofr@...il.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE Request: Linux Kernel ioctl infoleaks on vivid-osd and dgnc

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

>  * vivid-osd.c - osd support for testing overlays.
>  *
>  * Copyright 2014 Cisco Systems, Inc.
> 
> http://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/?id=eda98796aff0d9bf41094b06811f5def3b4c333c
> fails to initialize the 16 _reserved bytes of struct fb_vblank

Use CVE-2015-7884.


>  * Copyright 2003 Digi International (www.digi.com)
>  * This file implements the mgmt functionality for the
>  * Neo and ClassicBoard based product lines.
> http://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/?id=4b6184336ebb5c8dc1eae7f7ab46ee608a748b05
> fails to initialize the 16 _reserved bytes of struct digi_dinfo

Use CVE-2015-7885.


(These are similar types of issues located in unrelated files that
presumably were introduced into the Linux kernel at different points
in the past. The code that has the missing memset lines is also
included in downloads such as
https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.2.3.tar.xz.)

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWKAb4AAoJEL54rhJi8gl5bgsQAMParW1DV8nkU5UruaCVBSL2
TcBRj0LK/tt5NbPdp2XmA1iDVVS36F99kgFB3QkTqUMW8jtHdoFhyZJ8zaMgDEd1
h7e0Xv2S5Nh9gY72y18JCP2X7YMyAjgiL8VpnsKm2YBRxi+K9IByz7/hF1h6zZWj
N2+pVK7vuQdkFvdVICBMdFxM9M0ETYrKNg+R0HU17aFKSvnh1WvyYk2lY8CPWTYh
VmDV8U3xU6CYE0ZUbgbmaoKGU7Q6JsqoZ1lGzW+ic9q/g2ccvEjcid38WDBlSKUD
TLztqx1B7eDkdb/CuSpuxDEkYhNAVwH3UlPft3wRx0zzXFSUGfD+FBO13MLvQtLY
3i9l1zlupXKH79A+uvDMhK6oNqLcSZeqNB+EoCYD0FPjzy0LmShVEcGsejrYgnOx
/7XY/l1yvkhkyxeisrGLQuO6+XteI+9AWC+DMJa2aB7Ce25Mpo4sf4W6apLNGfZu
rRxA1vKLiDYJgApXgzpL/1G3/0aYMXKMbqS8dwuQ5wzFZXrZg92kI6F/qsU7jVAB
n0iZeAkDJETavV50Ie8fzwNmM9v34v+2N2E9Eo3QQYrDZS++sWRzozx4UO2f1r/2
yfQgK+4jINpA6mvE231lzULWKb57sh6oEHSUZ+HeVPog/w+dmGD/lJ5AMm+W3PPW
QK2Q/TS+rGKeY/pKIzjl
=zgZN
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.