CLD-40 Details
Other IDs this deficiency may be known by:
Basic Information:
Affected Package(s): linux
Deficiency Type: SECURITY
Date Created: 2017-09-20 11:27:30
Date Last Modified: 2017-09-20 13:20:18
Version Specific Information:
Cucumber 1.0 i686 | fixed in linux-4.9.51-i686-1 |
Cucumber 1.0 x86_64 | fixed in linux-4.9.51-x86_64-1 |
Cucumber 1.1 i686 | fixed in linux-4.9.51-i686-1 |
Cucumber 1.1 x86_64 | fixed in linux-4.9.51-x86_64-1 |
Details:
From https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.51:
inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() copy
sizeof(sockaddr_storage) bytes to fill in sockaddr structs used
to export diagnostic information to userspace.
However, the memory allocated to store sockaddr information is
smaller than that and depends on the address family, so we leak
up to 100 uninitialized bytes to userspace. Just use the size of
the source structs instead; in all three cases this is what
userspace expects. Zero out the remaining memory.
Unused bytes (i.e. when IPv4 addresses are used) in source
structs sctp_sockaddr_entry and sctp_transport are already
cleared by sctp_add_bind_addr() and sctp_transport_new(),
respectively.
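The following user-space C program is an added illustration of the copy-size mistake the changelog describes and of the fix it applies; it is not kernel code and not part of this record. It assumes a constructed struct (`addr_entry`) standing in for the kernel's per-address entry: a 28-byte address union (the same size as the kernel's union of IPv4/IPv6 sockaddrs) followed by private state filled with a marker byte. Sizing the copy by `sizeof(struct sockaddr_storage)` reads past the union and exports that private state; copying `sizeof` the source and zeroing the rest exports nothing beyond the address. The "oversized" fill is kept within one object so the demonstration itself is well-defined.

```c
#include <stddef.h>
#include <string.h>
#include <stdio.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Constructed stand-in for the kernel's address union (IPv4 or IPv6). */
union export_addr {
    struct sockaddr_in  v4;
    struct sockaddr_in6 v6;
};

/* Constructed stand-in for a per-address entry: the exportable address is
 * followed by fields that must never reach userspace. */
struct addr_entry {
    union export_addr a;
    unsigned char private_state[sizeof(struct sockaddr_storage)];
};

#define EXPORT_LEN sizeof(struct sockaddr_storage)   /* 128 bytes on Linux */
#define FILLER 0xAAu                                 /* marks private bytes */

/* Pre-fix pattern: the copy length is taken from the destination type, so
 * sizeof(struct sockaddr_storage) bytes are read from a 28-byte source. */
static void fill_addr_oversized(unsigned char *out, const struct addr_entry *e)
{
    memcpy(out, e, EXPORT_LEN);
}

/* Fixed pattern: copy only what the source holds and zero the remainder, so
 * the exported slot never carries anything but the address itself. */
static void fill_addr_bounded(unsigned char *out, const struct addr_entry *e)
{
    memcpy(out, &e->a, sizeof(e->a));
    memset(out + sizeof(e->a), 0, EXPORT_LEN - sizeof(e->a));
}

/* Audit helper: count exported bytes beyond the address union that carry
 * the filler marker; any hit is private data that should not have left. */
static size_t count_filler(const unsigned char *out)
{
    size_t n = 0;
    for (size_t i = sizeof(union export_addr); i < EXPORT_LEN; i++)
        if (out[i] == FILLER)
            n++;
    return n;
}

/* Build a constructed entry: private state set to the marker, the address
 * union zeroed (as the kernel already does) and then an IPv4 address set. */
static struct addr_entry make_entry(void)
{
    struct addr_entry e;
    memset(&e, FILLER, sizeof e);
    memset(&e.a, 0, sizeof e.a);
    e.a.v4.sin_family      = AF_INET;
    e.a.v4.sin_port        = htons(9899);
    e.a.v4.sin_addr.s_addr = htonl(0x7f000001u);   /* 127.0.0.1 */
    return e;
}

/* Number of private bytes the oversized copy exports. */
static size_t leaked_by_oversized(void)
{
    struct addr_entry e = make_entry();
    unsigned char out[EXPORT_LEN];
    fill_addr_oversized(out, &e);
    return count_filler(out);
}

/* Number of private bytes the bounded copy exports (expected: none). */
static size_t leaked_by_bounded(void)
{
    struct addr_entry e = make_entry();
    unsigned char out[EXPORT_LEN];
    fill_addr_bounded(out, &e);
    return count_filler(out);
}

int main(void)
{
    printf("oversized copy exports %zu private bytes\n", leaked_by_oversized());
    printf("bounded copy exports   %zu private bytes\n", leaked_by_bounded());
    return 0;
}
```

With a 128-byte `sockaddr_storage` and a 28-byte address union, the oversized copy exports 100 marker bytes, matching the "up to 100 uninitialized bytes" figure in the changelog, while the bounded copy exports none. The general review check this encodes: whenever a copy into a caller-visible buffer is sized by the destination type rather than the source object, compare the two sizes and zero whatever the source does not cover.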