Bug 462454 (CVE-2013-1873) - Kernel: information leaks via netlink interface (CVE-2013-1873)
Status: RESOLVED FIXED
Alias: CVE-2013-1873
Product: Gentoo Security
Classification: Unclassified
Component: Kernel
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Kernel Security
URL: https://bugzilla.redhat.com/show_bug....
Reported: 2013-03-20 09:55 UTC by Agostino Sarubbo
Modified: 2021-10-25 00:23 UTC
Description Agostino Sarubbo gentoo-dev 2013-03-20 09:55:35 UTC
From $URL:

Linux kernel built with Data Center Bridging (CONFIG_DCB) or Bridging with
IGMP/MLD snooping (CONFIG_BRIDGE_IGMP_SNOOPING) or Routing Socket netlink
(rtnetlink(7)) support is vulnerable to an information leakage flaw.
It occurs while calling routines from the above modules via the kernel's netlink or
rtnetlink interface.

A user/program could use this flaw to leak kernel memory bytes.

Upstream fix:
-------------
 -> http://git.kernel.org/linus/29cd8ae0e1a39e239a3a7b67da1986add1199fc0
 -> http://git.kernel.org/linus/84d73cd3fb142bf1298a8c13fd4ca50fd2432372
 -> http://git.kernel.org/linus/c085c49920b2f900ba716b4ca1c1a55ece9872cc

Reference:
----------
 -> http://www.openwall.com/lists/oss-security/2013/03/19/12
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-10-25 00:23:37 UTC
Patches in mainline 3.9 onward