Message-ID: <20090905175250.GA9500@openwall.com>
Date: Sat, 5 Sep 2009 21:52:50 +0400
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Cc: Willy Tarreau <w@....eu>
Subject: Re: CVE request: kernel: tc: uninitialised kernel memory leak

On Thu, Sep 03, 2009 at 11:45:03AM +0800, Eugene Teo wrote:
> Three bytes of uninitialised kernel memory are currently leaked to user.
> 
> http://patchwork.ozlabs.org/patch/32830/
> https://bugzilla.redhat.com/show_bug.cgi?id=520990

2.4 kernels appear to be affected as well, and moreover they appear to
require at least some of these older fixes as well:

http://marc.info/?l=git-commits-head&m=112002138324380

Specifically, in net/sched/sch_api.c both tc_fill_qdisc() and
tc_fill_tclass() are affected - the former was fixed in 2.6 in 2005,
the latter is being fixed now.

I'm not sure what this means for CVE.  Should there be another CVE id
for the issues fixed in 2.6 in 2005 (if one was not allocated at the
time), and 2.4 could reference both CVE ids now?

I did not check if any of the affected code is possibly normally only
available to root, but even if so the issue may be relevant on systems
with containers.

Alexander
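
An added illustration of the bug class discussed in this thread, not part of the message above or of the kernel patch: a header struct is filled field by field over an unzeroed buffer, and the explicit pad members that nobody assigns keep whatever was there before. Assumptions: the `demo_tcmsg` layout is modelled on the kernel's `struct tcmsg` (one pad byte plus one two-byte pad), the names `fill_unfixed`, `fill_fixed` and `stale_bytes` are hypothetical, and the `0xAA` marker and field values are constructed.

```c
#include <stdint.h>
#include <string.h>

/* Assumed layout, modelled on struct tcmsg in <linux/rtnetlink.h>. */
struct demo_tcmsg {
    unsigned char  family;
    unsigned char  pad1;     /* explicit pad, 1 byte  */
    unsigned short pad2;     /* explicit pad, 2 bytes */
    int            ifindex;
    uint32_t       handle;
    uint32_t       parent;
    uint32_t       info;
};

#define STALE 0xAA  /* constructed marker for leftover buffer contents */
typedef void (*fill_fn)(struct demo_tcmsg *, int, uint32_t);

/* "Before" pattern: every meaningful field is set, the pads are not. */
static void fill_unfixed(struct demo_tcmsg *t, int ifindex, uint32_t handle) {
    t->family = 0;
    t->ifindex = ifindex;
    t->handle = handle;
    t->parent = 0;
    t->info = 0;
}

/* "After" pattern: the pads are cleared before the header is copied out. */
static void fill_fixed(struct demo_tcmsg *t, int ifindex, uint32_t handle) {
    t->pad1 = 0;
    t->pad2 = 0;
    fill_unfixed(t, ifindex, handle);
}

/* Build a header over stale memory; count marker bytes that survive. */
static size_t stale_bytes(fill_fn fill) {
    struct demo_tcmsg t;
    const unsigned char *p = (const unsigned char *)&t;
    size_t i, n = 0;
    memset(&t, STALE, sizeof t);     /* stands in for an unzeroed buffer */
    fill(&t, 2, 0x00010000u);        /* constructed ifindex and handle */
    for (i = 0; i < sizeof t; i++)
        n += (p[i] == STALE);
    return n;
}

/* Exit status 0 when the unfixed path leaves 3 stale bytes and the fixed 0. */
int main(void) {
    return !(stale_bytes(fill_unfixed) == 3 && stale_bytes(fill_fixed) == 0);
}
```

The same count can be used as a regression check for any message-building routine: poison the buffer, build the message, and assert that no marker byte remains in what is copied out.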
