Message-ID: <CALJHwhRhh=RqEH+m3CfT4KsuG3m3LgMC9vRZh4QFXSTkV-PtUg@mail.gmail.com>
Date: Wed, 27 Apr 2016 12:30:57 +1000
From: Wade Mealing <wmealing@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2016-0723: Linux kernel: Kernel memory disclosure.

A flaw was discovered in the Linux kernel tty subsystem which allows
for disclosure of an uncontrolled memory location and a possible kernel
panic. The information leak is caused by a race condition when
attempting to set and read the tty line discipline.

An attacker can use TIOCSETD (via tty_set_ldisc) to switch to a
new line discipline; a concurrent call with a TIOCGETD ioctl that
performs a read on a given tty may be able to access memory previously
allocated. Up to 4 bytes may be leaked to userspace when querying the
line discipline.

Thanks,

Wade Mealing
Red Hat Product Security

Upstream fix:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5c17c861a357e9458001f021a7afa7aab9937439

Upstream discussion:
http://lkml.iu.edu/hypermail/linux/kernel/1511.3/03045.html

Red Hat bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=1296253
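
A userspace model of the general reference-holding pattern that closes a set/get race like the one described above, added here as an illustration; it is not code from this message, the kernel, or the upstream patch. The struct and function names, the sample discipline numbers 0 and 3, and the -EBUSY return (standing in for a writer that would sleep) are assumptions of the model.

```c
#include <errno.h>
#include <stdlib.h>

/* Userspace model only; names are hypothetical, not the kernel's API. */
struct ldisc { int num; int users; };  /* users = readers holding a reference */
struct tty { struct ldisc *ldisc; };
static struct ldisc *ldisc_new(int num) {
    struct ldisc *ld = calloc(1, sizeof(*ld));
    if (ld) ld->num = num;
    return ld;
}
/* Reader side: pin the current discipline before dereferencing it. */
static struct ldisc *ldisc_ref(struct tty *tty) { tty->ldisc->users++; return tty->ldisc; }
static void ldisc_deref(struct ldisc *ld) { ld->users--; }

/* TIOCGETD model: the discipline number is read only while pinned. */
static int model_getd(struct tty *tty) {
    struct ldisc *ld = ldisc_ref(tty);
    int num = ld->num;
    ldisc_deref(ld);
    return num;
}

/* TIOCSETD model: the old discipline is freed only when nobody holds it.
 * A kernel would sleep until readers finish; this model returns -EBUSY. */
static int model_setd(struct tty *tty, int num) {
    struct ldisc *old = tty->ldisc, *fresh;
    if (old->users > 0) return -EBUSY;
    fresh = ldisc_new(num);
    if (!fresh) return -ENOMEM;
    tty->ldisc = fresh;
    free(old);
    return 0;
}

/* Constructed interleaving: a reader is mid-query when the switch arrives.
 * Returns 1 when the reader never touches freed memory. */
static int demo_interleaving(void) {
    struct tty tty = { ldisc_new(0) };
    if (!tty.ldisc) return 0;
    struct ldisc *pinned = ldisc_ref(&tty);   /* reader starts */
    int blocked = model_setd(&tty, 3);        /* writer must not free yet */
    int seen = pinned->num;                   /* still valid memory */
    ldisc_deref(pinned);                      /* reader done */
    int switched = model_setd(&tty, 3);       /* now the swap may proceed */
    int now = model_getd(&tty);
    free(tty.ldisc);
    return blocked == -EBUSY && seen == 0 && switched == 0 && now == 3;
}
```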
