[cve-2010-3876] net: packet: fix information leak to userland

Andy Whitcroft apw at canonical.com
Tue Feb 1 14:26:22 UTC 2011


The ax25_getname function in net/ax25/af_ax25.c in the Linux kernel
before 2.6.37-rc2 does not initialize a certain structure, which allows
local users to obtain potentially sensitive information from kernel stack
memory by reading a copy of this structure.

Following this email are CVE patches for Dapper, Hardy, Karmic, Lucid,
and Maverick.  These are all trivial backports from the upstream commit
below:

  commit fe10ae53384e48c51996941b7720ee16995cbcb7
  Author: Vasiliy Kulikov <segooon at gmail.com>
  Date: Wed Nov 10 10:14:33 2010 -0800

    net: ax25: fix information leak to userland

    Sometimes ax25_getname() doesn't initialize all members of fsa_digipeater
    field of fsa struct, also the struct has padding bytes between
    sax25_call and sax25_ndigis fields. This structure is then copied to
    userland. It leads to leaking of contents of kernel stack memory.

    Signed-off-by: Vasiliy Kulikov <segooon at gmail.com>
    Signed-off-by: David S. Miller <davem at davemloft.net>

-apw
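The leak the commit message describes is easy to reproduce outside the kernel. The user-space model below is an added example, not code from this email or from the kernel: it mirrors the UAPI layout of struct sockaddr_ax25 / struct full_sockaddr_ax25, plants a marker byte as a stand-in for stale stack contents, and fills the structure once the pre-fix way (field by field) and once the post-fix way (memset to zero first). The sample_conn type, the STALE marker, make_call() and the getname_leaky()/getname_fixed() names are constructed for the demonstration and are not the kernel's functions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Layout of the AX.25 socket address as exported to userland (mirrors
 * include/uapi/linux/ax25.h): a 2-byte family, a 7-byte callsign, an int
 * digipeater count, then up to eight digipeater callsigns.  The 7-byte
 * callsign forces 3 bytes of padding before sax25_ndigis. */
#define AX25_ADDR_LEN  7
#define AX25_MAX_DIGIS 8
#define AF_AX25        3

typedef struct { char ax25_call[AX25_ADDR_LEN]; } ax25_address;

struct sockaddr_ax25 {
    unsigned short sax25_family;
    ax25_address   sax25_call;
    int            sax25_ndigis;
};

struct full_sockaddr_ax25 {
    struct sockaddr_ax25 fsa_ax25;
    ax25_address         fsa_digipeater[AX25_MAX_DIGIS];
};

/* Constructed marker standing in for whatever the kernel stack held. */
#define STALE 0xAA

/* Constructed stand-in for the per-socket state ax25_getname() reads. */
typedef struct {
    ax25_address dest_addr;
    int          ndigi;
    ax25_address calls[AX25_MAX_DIGIS];
} sample_conn;

static void make_call(ax25_address *a, const char *text)
{
    /* Real callsigns are bit-shifted and space-padded; for this model we
     * only need 7 bytes that can never equal STALE. */
    size_t n = strlen(text);
    memset(a->ax25_call, 0x40, AX25_ADDR_LEN);
    memcpy(a->ax25_call, text, n < AX25_ADDR_LEN ? n : AX25_ADDR_LEN);
}

static void init_sample(sample_conn *c, int ndigi)
{
    int i;
    make_call(&c->dest_addr, "PEER");
    c->ndigi = ndigi;
    for (i = 0; i < AX25_MAX_DIGIS; i++)
        make_call(&c->calls[i], "DIGI");
}

/* Pre-fix behaviour: only the known fields are written.  The padding after
 * sax25_call and the digipeater slots beyond ndigi keep old stack bytes. */
static void getname_leaky(struct full_sockaddr_ax25 *fsa, const sample_conn *c)
{
    int i;
    fsa->fsa_ax25.sax25_family = AF_AX25;
    fsa->fsa_ax25.sax25_call   = c->dest_addr;
    fsa->fsa_ax25.sax25_ndigis = c->ndigi;
    for (i = 0; i < c->ndigi; i++)
        fsa->fsa_digipeater[i] = c->calls[i];
}

/* Post-fix behaviour: clear the whole structure first, as the upstream
 * commit does, so padding and unused slots reach userland as zeros. */
static void getname_fixed(struct full_sockaddr_ax25 *fsa, const sample_conn *c)
{
    memset(fsa, 0, sizeof(*fsa));
    getname_leaky(fsa, c);
}

/* Bytes still carrying the marker, i.e. bytes copy_to_user() would hand
 * to the caller unchanged. */
static size_t stale_bytes(const struct full_sockaddr_ax25 *fsa)
{
    const unsigned char *p = (const unsigned char *)fsa;
    size_t i, n = 0;
    for (i = 0; i < sizeof(*fsa); i++)
        if (p[i] == STALE)
            n++;
    return n;
}

/* Run one getname on a "dirty" slot; fixed=0 is the bug, fixed=1 the fix. */
size_t leaked_bytes(int ndigi, int fixed)
{
    struct full_sockaddr_ax25 fsa;
    sample_conn c;

    init_sample(&c, ndigi);
    memset(&fsa, STALE, sizeof(fsa));
    if (fixed)
        getname_fixed(&fsa, &c);
    else
        getname_leaky(&fsa, &c);
    return stale_bytes(&fsa);
}

int main(void)
{
    printf("sizeof(full_sockaddr_ax25) = %zu\n", sizeof(struct full_sockaddr_ax25));
    printf("2 digipeaters, pre-fix : %zu stale bytes\n", leaked_bytes(2, 0));
    printf("8 digipeaters, pre-fix : %zu stale bytes (padding only)\n", leaked_bytes(8, 0));
    printf("2 digipeaters, post-fix: %zu stale bytes\n", leaked_bytes(2, 1));
    return 0;
}
```

With two digipeaters the pre-fix path leaves 45 bytes of the 72-byte structure untouched (3 bytes of padding plus six unused 7-byte slots); even with all eight slots filled the 3 padding bytes still leak, which is why the fix clears the whole structure rather than just the unused digipeater entries. The same check applies to any kernel path that builds a struct on the stack and hands it to userland: zero the whole object before filling it, not just the fields you set.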
