Message-ID: <CABniQZMPWz9XaVm4fjsYC8SZXksNm-63-gzeRkz8Eertv3j-SQ@mail.gmail.com>
Date: Thu, 3 Nov 2016 12:44:32 +0800
From: Shawn <citypw@...il.com>
To: oss-security@...ts.openwall.com, cve-assign@...re.org
Subject: kernel: fix minor infoleak in get_user_ex()

Hi guys,

I suppose this bug should get a CVE number.

Info:
get_user_ex(x, ptr) should zero x on failure. It's not a lot of a leak
(at most we are leaking uninitialized 64bit value off the kernel stack,
and in a fairly constrained situation, at that), but the fix is trivial,
so...

Cc: stable@...r.kernel.org
Signed-off-by: Al Viro <viro@...iv.linux.org.uk>
[ This sat in different branch from the uaccess fixes since mid-August ]
Signed-off-by: Linus Torvalds <torvalds@...ux-foundation.org>

Upstream fix:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1c109fabbd51863475cd12ac206bdd249aee35af

Impact:
According to Spender:
https://lwn.net/Articles/705264/

Mitigation:
PaX/Grsecurity's KERNEXEC/UDEREF SMEP

-- 
GNU powered it...
GPL protect it...
God blessing it...

regards
Shawn
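
The bug class the message describes, as an added user-space model that is not part of the original post and is not kernel code: a fetch that faults leaves its destination untouched, and because the error is only checked after the value has been consumed, stale contents flow onward unless the fetch zeroes the destination. All names (model_fetch, restore_model, frame_model, STALE) are hypothetical, and the deferred error check is an assumption about the caller's shape.

```c
#include <stdint.h>
#include <stdio.h>

#define STALE 0xdeadbeefcafef00dULL  /* constructed "leftover stack" value */

/* Hypothetical stand-in for one get_user_ex()-style fetch.
 * uptr == NULL models a user address that faults. */
static int model_fetch(uint64_t *dst, const uint64_t *uptr, int zero_on_fail)
{
    if (uptr == NULL) {
        if (zero_on_fail)
            *dst = 0;        /* what the message says should happen */
        return -1;           /* fault is recorded, not acted on yet */
    }
    *dst = *uptr;
    return 0;
}

struct frame_model { uint64_t ip, sp; };  /* hypothetical consumer of the values */

/* Several fetches, one deferred error check (assumed shape of the caller). */
static int restore_model(struct frame_model *out, const uint64_t *u_ip,
                         const uint64_t *u_sp, int zero_on_fail)
{
    uint64_t ip = STALE, sp = STALE;  /* models uninitialized locals */
    int err = 0;

    err |= model_fetch(&ip, u_ip, zero_on_fail);
    err |= model_fetch(&sp, u_sp, zero_on_fail);
    out->ip = ip;                     /* values consumed before err is checked */
    out->sp = sp;
    return err ? -14 : 0;             /* -14 is -EFAULT on Linux */
}

/* Runs the faulting case and returns what ended up in the consumer. */
uint64_t observed_sp(int zero_on_fail)
{
    uint64_t good_ip = 0x401000;      /* constructed sample value */
    struct frame_model f = {0, 0};

    restore_model(&f, &good_ip, NULL, zero_on_fail);
    return f.sp;
}

int main(void)
{
    printf("no zeroing:   sp=%#llx\n", (unsigned long long)observed_sp(0));
    printf("zero on fail: sp=%#llx\n", (unsigned long long)observed_sp(1));
    return 0;
}
```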