Summary: | Kernel : net: af_key: initialize satype in key_notify_policy_flush (CVE-2013-2237) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Kernel | Assignee: | Gentoo Kernel Security <security-kernel> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | kernel |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=981220 | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2013-07-04 12:17:55 UTC
$ git tag --contains 85dfb745ee40232876663ae206cba35f24ab2a40 | grep -v rc | xargs echo
v3.10 v3.9 v3.9.1 v3.9.2 v3.9.3 v3.9.4 v3.9.5 v3.9.6 v3.9.7 v3.9.8 v3.9.9

Already present in branches 3.9 and 3.10, added to genpatches for 3.0, 3.2, 3.4.

------------------------------------------------------------------------

r2435 | tomwij | 2013-07-04 14:39:53 +0200 (Thu, 04 Jul 2013) | 1 line

Applied vulnerable af_key uninitialized field fix to avoid information leakage for bug #475738 to branches 3.0, 3.2 and 3.4.

------------------------------------------------------------------------

CVE-2013-2237 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2237): The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket.

Fix in 3.4.59 onward
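The uninitialized-member leak described in the CVE text, modelled in userspace C as an added example (not the kernel's code and not the patch itself). The struct follows the PF_KEY v2 base header layout from RFC 2367; the `MODEL_*` constants, the function names and the poison-fill check are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Userspace model of the PF_KEY v2 base header (field order per RFC 2367). */
struct pfkey_hdr {
    uint8_t  version, type, err, satype;
    uint16_t len, reserved;
    uint32_t seq, pid;
};

/* Local stand-ins for the protocol constants (assumed values for the model). */
enum { MODEL_PF_KEY_V2 = 2, MODEL_SPDFLUSH = 19, MODEL_SATYPE_UNSPEC = 0 };

/* Fills in a policy-flush notification. The caller pre-fills *hdr with stale
 * bytes to stand in for a recycled heap allocation.
 * init_satype == 0 models the unfixed path, 1 models the path with satype set. */
static void build_flush_msg(struct pfkey_hdr *hdr, uint32_t seq, uint32_t pid,
                            int init_satype)
{
    hdr->version  = MODEL_PF_KEY_V2;
    hdr->type     = MODEL_SPDFLUSH;
    hdr->err      = 0;
    if (init_satype)
        hdr->satype = MODEL_SATYPE_UNSPEC;   /* the member the bug title names */
    hdr->len      = sizeof(*hdr) / sizeof(uint64_t);
    hdr->reserved = 0;
    hdr->seq      = seq;
    hdr->pid      = pid;
}

/* Poison test: build the message over two different fill patterns. Any byte
 * that differs between the two results was never written by the builder and
 * would carry old memory contents to every listener.
 * Returns the offset of the first such byte, or -1 if every byte was written. */
static int first_unwritten_offset(int init_satype)
{
    struct pfkey_hdr a, b;
    memset(&a, 0xAA, sizeof a);              /* constructed stale contents */
    memset(&b, 0x55, sizeof b);
    build_flush_msg(&a, 7, 1234, init_satype);
    build_flush_msg(&b, 7, 1234, init_satype);
    const uint8_t *pa = (const uint8_t *)&a, *pb = (const uint8_t *)&b;
    for (size_t i = 0; i < sizeof a; i++)
        if (pa[i] != pb[i])
            return (int)i;
    return -1;
}

int main(void)
{
    printf("unfixed: first unwritten byte at offset %d\n", first_unwritten_offset(0));
    printf("fixed:   first unwritten byte at offset %d\n", first_unwritten_offset(1));
    return 0;
}
```

The same two-pattern comparison works as a regression test for any routine that serializes a struct for an untrusted reader.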