Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs
From: Mathias Krause <minipli () googlemail com>
Date: Wed, 6 Mar 2013 10:14:46 +0100
On Wed, Mar 6, 2013 at 9:46 AM, Kurt Seifried <kseifried () redhat com> wrote:
On 03/05/2013 01:52 PM, Mathias Krause wrote:
I don't care much about info leaks beyond merely fixing them. But
Alexander asked me to request a CVE ID for the recent crypto fix
of mine and as I did quite a few of such fixes in the recent past,
I'll just list them all here. The information might be a bit scarce
for a CVE ID request but as I don't expect any CVE IDs anyway, I
didn't want to do too much unnecessary work. ;)
CVE IDs prompt people to backport these security fixes, which is a
good thing indeed =).
M'kay. Might be the case for the crypto fix as it wasn't Cc'ed to
stable, albeit I asked Herbert for it :/
(see <http://www.mail-archive.com/linux-crypto@vger.kernel.org/msg08339.html>).
9a5467b crypto: user - fix info leaks in report API
ecd7918 xfrm_user: ensure user supplied esn replay window is valid
1f86840 xfrm_user: fix info leak in copy_to_user_tmpl()
7b78983 xfrm_user: fix info leak in copy_to_user_policy()
f778a63 xfrm_user: fix info leak in copy_to_user_state()
4c87308 xfrm_user: fix info leak in copy_to_user_auth()
43da5f2 net: fix info leak in compat dev_ifconf()
2d8a041 ipvs: fix info leak in getsockopt(IP_VS_SO_GET_TIMEOUT)
7b07f8e dccp: fix info leak via getsockopt(DCCP_SOCKOPT_CCID_TX_INFO)
3592aae llc: fix info leak via getsockname()
04d4fbc l2tp: fix info leak via getsockname()
792039c Bluetooth: L2CAP - Fix info leak via getsockname()
9344a97 Bluetooth: RFCOMM - Fix info leak via getsockname()
f9432c5 Bluetooth: RFCOMM - Fix info leak in ioctl(RFCOMMGETDEVLIST)
9ad2de4 Bluetooth: RFCOMM - Fix info leak in getsockopt(BT_SECURITY)
3f68ba0 Bluetooth: HCI - Fix info leak via getsockname()
e15ca9a Bluetooth: HCI - Fix info leak in getsockopt(HCI_FILTER)
3c0c5cf atm: fix info leak via getsockname()
e862f1a atm: fix info leak in getsockopt(SO_ATMPVC)
a117dac net/tun: fix ioctl() based info leaks
0143fc5 udf: avoid info leak on export
fe685aa isofs: avoid info leak on export
864745d xfrm_user: return error pointer instead of NULL
276bdb8 dccp: check ccid before dereferencing
can you provide the full git id/link to these?
Links are inlined above. The pattern how to create web-links is pretty
Also were they all
discovered by the same researcher?
All of the bugs were discovered and fixed by me. But I'm no
researcher. It's more a hobby of mine ;)
While we are at it: Do we care about getting CVE IDs for info
leaks? If so, all of them or only for the ones with leaks above a
certain threshold (>= 16 bytes, e.g.)?
Yes please. Much like DNA fragments you can potentially string them
together to reveal larger things.
Okay. I'll continue posting my findings, then.