oss-sec mailing list archives
CVE Request: x25: a kernel infoleak in x25_negotiate_facilities()
From: Kangjie Lu <kangjielu () gmail com>
Date: Tue, 10 May 2016 15:35:09 -0400
Hello, In function x25_negotiate_facilities() of file net/x25/x25_facilities.c, the stack object "dte_facilities" is allocated in x25_rx_call_request(), which is supposed to be initialized in x25_negotiate_facilities. However, 5 fields (8 bytes in total) are not initialized. This object is then copied to userland via copy_to_user, thus an infoleak occurs. Fix info: https://lkml.org/lkml/2016/5/8/59 Patch applied: https://lkml.org/lkml/2016/5/9/1100 Please help assign a CVE to it. Thanks, Kangjie Lu
Current thread:
- CVE Request: x25: a kernel infoleak in x25_negotiate_facilities() Kangjie Lu (May 10)