Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 461524 (CVE-2013-0914)

Summary: Kernel : sa_restorer information leak (CVE-2013-0914)
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: KernelAssignee: Gentoo Kernel Security <security-kernel>
Status: RESOLVED FIXED    
Severity: normal CC: kernel
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://bugzilla.redhat.com/show_bug.cgi?id=920499
Whiteboard:
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2013-03-12 14:28:10 UTC 
From $URL :

Linux kernel is vulnerable to an information leakage flaw. This occurs when
a process calls routine - sigaction() - to access - sa_restorer - parameter.
This parameter points to an address that belongs to its parent process'
address space.

A user could use this flaw to infer address layout of a process.

Reference:
----------
 -> https://lkml.org/lkml/2013/3/11/498
 -> http://www.openwall.com/lists/oss-security/2013/03/11/8
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-10-25 00:14:17 UTC 
Patch in mainline 3.9 onwards