mbox series

[0/1,SRU,D] CVE-2019-16714: RDS local info leak

Message ID 20190923235358.2297-1-tyhicks@canonical.com
Headers show
Series CVE-2019-16714: RDS local info leak | expand

Message

Tyler Hicks Sept. 23, 2019, 11:53 p.m. UTC 
https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2019-16714

 In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c
 allows attackers to obtain sensitive information from kernel stack
 memory because tos and flags fields are not initialized.

Simple backport to D. Clean build logs.

Tyler

Ka-Cheong Poon (1):
  net/rds: Fix info leak in rds6_inc_info_copy()

 net/rds/recv.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

Comments

Khalid Elmously Sept. 27, 2019, 6:35 a.m. UTC | #1 
On 2019-09-23 23:53:57 , Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2019-16714
> 
>  In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c
>  allows attackers to obtain sensitive information from kernel stack
>  memory because tos and flags fields are not initialized.
> 
> Simple backport to D. Clean build logs.
> 
> Tyler
> 
> Ka-Cheong Poon (1):
>   net/rds: Fix info leak in rds6_inc_info_copy()
> 
>  net/rds/recv.c | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
> 
> -- 
> 2.17.1
> 
> 
> -- 
> kernel-team mailing list
> kernel-team@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team