[cve-2010-3876] net: packet: fix information leak to userland

Tim Gardner tim.gardner at canonical.com
Tue Feb 1 14:40:49 UTC 2011


On 02/01/2011 07:26 AM, Andy Whitcroft wrote:
> The ax25_getname function in net/ax25/af_ax25.c in the Linux kernel
> before 2.6.37-rc2 does not initialize a certain structure, which allows
> local users to obtain potentially sensitive information from kernel stack
> memory by reading a copy of this structure.
>
> Following this email are CVE patches for Dapper, Hardy, Karmic, Lucid,
> and Maverick.  These are all trivial backports from the upstream commit
> below:
>
>    commit fe10ae53384e48c51996941b7720ee16995cbcb7
>    Author: Vasiliy Kulikov <segooon at gmail.com>
>    Date: Wed Nov 10 10:14:33 2010 -0800
>
>      net: ax25: fix information leak to userland
>
>      Sometimes ax25_getname() doesn't initialize all members of fsa_digipeater
>      field of fsa struct, also the struct has padding bytes between
>      sax25_call and sax25_ndigis fields. This structure is then copied to
>      userland. It leads to leaking of contents of kernel stack memory.
>
>      Signed-off-by: Vasiliy Kulikov <segooon at gmail.com>
>      Signed-off-by: David S. Miller <davem at davemloft.net>
>
> -apw
>

Acked-by: Tim Gardner <tim.gardner at canonical.com>

-- 
Tim Gardner tim.gardner at canonical.com
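
The leak class described in the quoted commit message, as an added userspace example that is not part of the original thread or the upstream patch: it counts how many bytes of a full_sockaddr_ax25 reply are never written when only the known fields are filled in (the padding after sax25_call plus the unused fsa_digipeater entries). The struct layout is redeclared from <linux/ax25.h>; the 0xAA marker, the N0CALL callsign, and the helper names padding_bytes() and leaked_bytes() are constructed for illustration, and zeroing the whole buffer first is shown as an assumed mitigation because the patch body does not appear on this page.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
/* Layout redeclared from <linux/ax25.h> so this builds in plain userspace. */
typedef struct { char ax25_call[7]; } ax25_address;
struct sockaddr_ax25 {
    unsigned short sax25_family;
    ax25_address   sax25_call;
    int            sax25_ndigis;
};
#define AX25_MAX_DIGIS 8
struct full_sockaddr_ax25 {
    struct sockaddr_ax25 fsa_ax25;
    ax25_address         fsa_digipeater[AX25_MAX_DIGIS];
};
#define STALE 0xAA /* constructed marker standing in for old stack contents */

/* Compiler-inserted gap between sax25_call and sax25_ndigis. */
size_t padding_bytes(void)
{
    return offsetof(struct sockaddr_ax25, sax25_ndigis)
         - (offsetof(struct sockaddr_ax25, sax25_call) + sizeof(ax25_address));
}

/* Fill a reply with `ndigis` digipeaters; return the stale bytes that survive. */
size_t leaked_bytes(unsigned char *out, int ndigis, int zero_first)
{
    const size_t len = sizeof(struct full_sockaddr_ax25);
    const size_t digi = offsetof(struct full_sockaddr_ax25, fsa_digipeater);
    const unsigned short family = 3;          /* AF_AX25 */
    const ax25_address call = { "N0CALL" };   /* constructed callsign */
    size_t i, stale = 0;
    memset(out, STALE, len);                  /* simulate a dirty stack slot */
    if (zero_first) memset(out, 0, len);      /* clear before any field write */
    memcpy(out + offsetof(struct sockaddr_ax25, sax25_family), &family, sizeof family);
    memcpy(out + offsetof(struct sockaddr_ax25, sax25_call), &call, sizeof call);
    memcpy(out + offsetof(struct sockaddr_ax25, sax25_ndigis), &ndigis, sizeof ndigis);
    for (i = 0; i < (size_t)ndigis; i++)      /* only the used digipeater slots */
        memcpy(out + digi + i * sizeof call, &call, sizeof call);
    for (i = 0; i < len; i++)
        stale += (out[i] == STALE);
    return stale;
}

int main(void)
{
    unsigned char buf[sizeof(struct full_sockaddr_ax25)];
    printf("pad=%zu unfixed=%zu zeroed=%zu\n", padding_bytes(), leaked_bytes(buf, 2, 0), leaked_bytes(buf, 2, 1));
    return 0;
}
```

Field-by-field assignment never reaches the padding, so clearing the whole object before filling it is what removes the stale bytes.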



