Bug 462454 (CVE-2013-1873)

Summary: Kernel : information leaks via netlink interface (CVE-2013-1873)
Product: Gentoo Security
Reporter: Agostino Sarubbo <ago>
Component: Kernel
Assignee: Gentoo Kernel Security <security-kernel>
Status: RESOLVED FIXED
Severity: normal
CC: eric-f.garioud, kernel
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: https://bugzilla.redhat.com/show_bug.cgi?id=923652

Description Agostino Sarubbo gentoo-dev 2013-03-20 09:55:35 UTC
From $URL :

A Linux kernel built with Data Center Bridging (CONFIG_DCB) or Bridging with
IGMP/MLD snooping (CONFIG_BRIDGE_IGMP_SNOOPING) or Routing Socket netlink
(rtnetlink(7)) support is vulnerable to an information leakage flaw.
It occurs while calling routines from the above modules via the kernel's netlink or
rtnetlink interface.

A user/program could use this flaw to leak kernel memory bytes.

Upstream fix:
-------------
 -> http://git.kernel.org/linus/29cd8ae0e1a39e239a3a7b67da1986add1199fc0
 -> http://git.kernel.org/linus/84d73cd3fb142bf1298a8c13fd4ca50fd2432372
 -> http://git.kernel.org/linus/c085c49920b2f900ba716b4ca1c1a55ece9872cc

Reference:
----------
 -> http://www.openwall.com/lists/oss-security/2013/03/19/12

Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-10-25 00:23:37 UTC
Patches in mainline 3.9 onward