[Lucid CVE-2012-6537 0/3] xfrm_user: fix info leaks
Luis Henriques
luis.henriques at canonical.com
Fri Mar 22 11:12:42 UTC 2013
From the description:
"net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not
initialize certain structures, which allows local users to obtain
sensitive information from kernel memory by leveraging the
CAP_NET_ADMIN capability."
Following this email there are 3 patches that should fix this
vulnerability for the Lucid kernel.
Mathias Krause (3):
xfrm_user: fix info leak in copy_to_user_tmpl()
xfrm_user: fix info leak in copy_to_user_policy()
xfrm_user: fix info leak in copy_to_user_state()
net/xfrm/xfrm_user.c | 3 +++
1 file changed, 3 insertions(+)
--
1.8.1.2
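The bug class named in the CVE description above, as an added example that is not part of the original message, the patches, or the kernel source: a structure is filled member by member and then copied out whole, so bytes that were never assigned carry old memory contents to the reader. `struct demo_tmpl`, `fill_unfixed`, `fill_fixed`, `stale_bytes` and the `STALE` marker are hypothetical names constructed for this illustration; zeroing the object before filling it is the usual remedy for this class and is assumed here, since the patches themselves are not shown on this page.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xAA /* constructed marker standing in for old memory contents */

/* Hypothetical record copied out to a less-privileged reader (not a real xfrm struct). */
struct demo_tmpl {
    uint8_t  mode;        /* typically followed by 3 bytes of compiler padding */
    uint32_t reqid;
    uint8_t  reserved[4]; /* a member the fill routine never sets */
};

/* Unfixed pattern: assign members one by one, leave the rest as found. */
static void fill_unfixed(struct demo_tmpl *up, uint8_t mode, uint32_t reqid)
{
    up->mode = mode;
    up->reqid = reqid;
}

/* Hardened pattern: zero the whole object, then assign members. */
static void fill_fixed(struct demo_tmpl *up, uint8_t mode, uint32_t reqid)
{
    memset(up, 0, sizeof(*up));
    up->mode = mode;
    up->reqid = reqid;
}

/* Number of stale bytes a reader would receive if the whole struct were copied out. */
static size_t stale_bytes(int fixed)
{
    struct demo_tmpl t;
    unsigned char out[sizeof(t)];
    size_t i, n = 0;

    memset(&t, STALE, sizeof(t));   /* simulate reused, uncleared memory */
    if (fixed)
        fill_fixed(&t, 1, 0x1234);
    else
        fill_unfixed(&t, 1, 0x1234);
    memcpy(out, &t, sizeof(t));     /* stands in for the copy to the reader */
    for (i = 0; i < sizeof(out); i++)
        n += (out[i] == STALE);
    return n;
}

int main(void)
{
    printf("unfixed: %zu stale bytes, fixed: %zu\n", stale_bytes(0), stale_bytes(1));
    return 0;
}
```

The unset `reserved` member guarantees at least four stale bytes in the unfixed path; padding bytes usually add to that count, depending on the compiler and ABI.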