oss-sec mailing list archives
Re: Re: kernel: fix minor infoleak in get_user_ex()
From: Moritz Muehlenhoff <jmm () debian org>
Date: Mon, 7 Nov 2016 13:48:54 +0100
Hi,
get_user_ex(x, ptr) should zero x on failure. It's not a lot of a leak (at most we are leaking uninitialized 64bit value off the kernel stack, and in a fairly constrained situation

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1c109fabbd51863475cd12ac206bdd249aee35af
https://lwn.net/Articles/705264/

Use CVE-2016-9178.

Can you please clarify on the scope of CVE-2016-9178? I assume this is for the leak fixed with 1c109fabbd51863475cd12ac206bdd249aee35af, but the LWN comment by Brad Spengler referenced above refers to a new issue which affected some Linux stable lines, which backported 1c109fabbd51863475cd12ac206bdd249aee35af without also backporting 548acf19234dbda5a52d5a8e7e205af46e9da840. So please assign a second CVE ID for the latter.

Cheers,
Moritz
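A maintainer-side check for the condition described in the message above, as an added example that is not part of the original post or of any kernel tooling: it scans `git log` output of a branch for the two commit ids and flags a tree that carries the first without the second. The citation patterns, function names and sample records are assumptions made for the illustration.

```python
import re

# Upstream (mainline) commit ids named in the message above.
FIX = "1c109fabbd51863475cd12ac206bdd249aee35af"
PREREQ = "548acf19234dbda5a52d5a8e7e205af46e9da840"

# Assumed citation styles a backport uses to name its mainline origin.
UPSTREAM_REF = re.compile(
    r"^\s*(?:commit ([0-9a-f]{40}) upstream\.?"
    r"|\[ Upstream commit ([0-9a-f]{40}) \]"
    r"|\(cherry picked from commit ([0-9a-f]{40})\))\s*$",
    re.IGNORECASE | re.MULTILINE,
)

def upstream_ids(log_text):
    """Ids present in a branch, natively or as cited backports.

    log_text: output of `git log --format='%H%n%B%x00' <ref>`.
    """
    found = set()
    for record in log_text.split("\0"):
        record = record.strip()
        if not record:
            continue
        own_hash, _, body = record.partition("\n")
        found.add(own_hash.strip().lower())  # commit is in the history itself
        for m in UPSTREAM_REF.finditer(body):
            found.add(next(g for g in m.groups() if g).lower())
    return found

def backport_status(log_text):
    ids = upstream_ids(log_text)
    if FIX not in ids:
        return "fix-absent"
    return "ok" if PREREQ in ids else "fix-without-prerequisite"

def make_record(own_hash, subject, cite=None):
    # Builds one constructed log record for the demo below.
    body = subject + ("\n\ncommit %s upstream.\n" % cite if cite else "\n")
    return own_hash + "\n" + body + "\0"

# Constructed sample: a stable branch carrying only the backported fix.
SAMPLE_STABLE = (make_record("a" * 40, "fix minor infoleak in get_user_ex()", FIX)
                 + make_record("b" * 40, "unrelated change"))

if __name__ == "__main__":
    print(backport_status(SAMPLE_STABLE))
```

A branch that contains the mainline commits themselves is also reported as `ok`, because each record's own hash is counted alongside the cited ones.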
Current thread:
- kernel: fix minor infoleak in get_user_ex() Shawn (Nov 03)
- Re: kernel: fix minor infoleak in get_user_ex() cve-assign (Nov 04)
- Re: Re: kernel: fix minor infoleak in get_user_ex() Moritz Muehlenhoff (Nov 07)
- Re: kernel: fix minor infoleak in get_user_ex() cve-assign (Nov 28)