oss-sec mailing list archives
CVE Request: kernel info leak in tkill/tgkill
From: Marcus Meissner <meissner () suse de>
Date: Sun, 2 Jun 2013 19:56:09 +0200
Hi, This small Linux kernel info leaks still needs a CVE I think. b9e146d8eb3b9ecae5086d373b50fa0c1f3e7f0f Author: Emese Revfy <re.emese () gmail com> Date: Wed Apr 17 15:58:36 2013 -0700 kernel/signal.c: stop info leak via the tkill and the tgkill syscalls This fixes a kernel memory contents leak via the tkill and tgkill syscalls for compat processes. This is visible in the siginfo_t->_sifields._rt.si_sigval.sival_ptr field when handling signals delivered from tkill. The place of the infoleak: int copy_siginfo_to_user32(compat_siginfo_t __user *to, siginfo_t *from) { ... put_user_ex(ptr_to_compat(from->si_ptr), &to->si_ptr); ... } Signed-off-by: Emese Revfy <re.emese () gmail com> Reviewed-by: PaX Team <pageexec () freemail hu> Signed-off-by: Kees Cook <keescook () chromium org> Cc: Al Viro <viro () zeniv linux org uk> Cc: Oleg Nesterov <oleg () redhat com> Cc: "Eric W. Biederman" <ebiederm () xmission com> Cc: Serge Hallyn <serge.hallyn () canonical com> Cc: <stable () vger kernel org> Signed-off-by: Andrew Morton <akpm () linux-foundation org> Signed-off-by: Linus Torvalds <torvalds () linux-foundation org>
Current thread:
- CVE Request: kernel info leak in tkill/tgkill Marcus Meissner (Jun 02)
- Re: CVE Request: kernel info leak in tkill/tgkill Kurt Seifried (Jun 04)