Re: CVE request: Linux kernel: net: memory leak in recvmsg handler msg_name & msg_namelen logic

[Marcus Meissner <meissner () suse de>]

On Tue, Dec 10, 2013 at 01:00:43PM +0530, P J P wrote:
>    Hello,
>
> Linux kernel built with the networking support(CONFIG_NET) is vulnerable to 
> an information leakage flaw in the socket layer. It could occur while doing 
> recvmsg(2), recvfrom(2) socket calls. It occurs due to improperly 
> initialised msg_name & msg_namelen message header parameters.
>
> A user/program could use this flaw to leak kernel memory bytes.
>
> Upstream fix:
> -------------
>  -> https://git.kernel.org/linus/f3d3342602f8bcbf37d7c46641cb9bca7618eb1c
>
> Reference:
> ----------
>  -> https://bugzilla.redhat.com/show_bug.cgi?id=1039845

CVE-2013-6405 covers parts of that already I think and could be extended?

Ciao, Marcus