Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <CABEk9YyvOch_N0Z3jaZW3rgHW1ktBnEpdJ5oRrzteQCCkSai7A@mail.gmail.com>
Date: Wed, 4 May 2016 16:47:53 -0400
From: Kangjie Lu <kangjielu@...il.com>
To: oss-security@...ts.openwall.com, Chengyu Song <csong84@...ech.edu>, 
	Taesoo Kim <taesoo@...ech.edu>, Insu Yun <insu@...ech.edu>
Subject: CVE Request: kernel information leak vulnerability in rtnetlink

Hello,

The rtnetlink module of Linux kernel has ab information leak vulnerability
In the file "net/core/rtnetlink.c", The stack object “map” has a total size
of
32 bytes. Its last 4 bytes are padding generated by compiler. These padding
bytes are not initialized and sent out via “nla_put”.


Fix info:
*http://marc.info/?l=linux-netdev&m=146230822606494&w=2
<http://marc.info/?l=linux-netdev&m=146230822606494&w=2>*
*http://marc.info/?l=linux-netdev&m=146239324530095&w=2
<http://marc.info/?l=linux-netdev&m=146239324530095&w=2>*

Please help assign a CVE to this vulnerability.



Thanks a lot!
Kangjie Lu

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.