[rds-devel] [PATCH] rds: fix an infoleak in rds6_inc_info_copy
Santosh Shilimkar
santosh.shilimkar at oracle.com
Thu Apr 4 09:53:42 PDT 2019
On 4/4/2019 6:35 AM, Yang Xiao wrote:
> From: Young Xiao <YangX92 at hotmail.com>
>
> The field "flags" and "tos" of object "minfo6" is not
> initialized. Copying this object out may leak kernel
> stack data. Memset the object to avoid leak.
>
> This vulnerability is similar to CVE-2016-5244.
>
> See commit 4116def23379 ("rds: fix an infoleak in
> rds_inc_info_copy") for detail.
>
> Signed-off-by: Young Xiao <YangX92 at hotmail.com>
> ---
Acked-by: Santosh Shilimkar <santosh.shilimkar at oracle.com>
More information about the rds-devel
mailing list