Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 461524 (CVE-2013-0914) - Kernel : sa_restorer information leak (CVE-2013-0914)
Summary: Kernel : sa_restorer information leak (CVE-2013-0914)
Status: RESOLVED FIXED
Alias: CVE-2013-0914
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Kernel Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-03-12 14:28 UTC by Agostino Sarubbo
Modified: 2021-10-25 00:14 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2013-03-12 14:28:10 UTC
From $URL :

Linux kernel is vulnerable to an information leakage flaw. This occurs when
a process calls routine - sigaction() - to access - sa_restorer - parameter.
This parameter points to an address that belongs to its parent process'
address space.

A user could use this flaw to infer address layout of a process.

Reference:
----------
 -> https://lkml.org/lkml/2013/3/11/498
 -> http://www.openwall.com/lists/oss-security/2013/03/11/8
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-10-25 00:14:17 UTC
Patch in mainline 3.9 onwards