Bug 820039 (CVE-2012-3430) - CVE-2012-3430 kernel: recv{from,msg}() on an rds socket can leak kernel memory
Summary: CVE-2012-3430 kernel: recv{from,msg}() on an rds socket can leak kernel memory
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2012-3430
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 822727 822728 822729 822731 843553 843554
Blocks: 819767
TreeView+ depends on / blocked
 
Reported: 2012-05-09 00:43 UTC by Eugene Teo (Security Response)
Modified: 2023-05-13 00:41 UTC (History)
21 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-08-24 12:52:52 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2012:1304 0 normal SHIPPED_LIVE Moderate: kernel security and bug fix update 2012-09-25 22:58:04 UTC
Red Hat Product Errata RHSA-2012:1323 0 normal SHIPPED_LIVE Important: kernel security and bug fix update 2012-10-02 21:43:56 UTC
Red Hat Product Errata RHSA-2012:1491 0 normal SHIPPED_LIVE Important: kernel-rt security and bug fix update 2012-12-05 00:50:25 UTC

Description Eugene Teo (Security Response) 2012-05-09 00:43:22 UTC 
Two similar issues:

1) Reported by Jay Fenlason and Doug Ledford:
recvfrom() on an RDS socket can disclose sizeof(struct sockaddr_storage)-sizeof(struct sockaddr_in) bytes of kernel stack to userspace when receiving a datagram.

2) Reported by Jay Fenlason:
recv{from,msg}() on an RDS socket can disclose sizeof(struct sockaddr_storage)
bytes of kernel stack to userspace when other code paths are taken.
Comment 5 Petr Matousek 2012-07-26 15:26:38 UTC 
Statement:

The Red Hat Security Response Team has rated this issue as having low security 
impact. A future kernel updates may address this issue. For additional 
information, refer to the Issue Severity Classification:
https://access.redhat.com/security/updates/classification/.
Comment 7 Petr Matousek 2012-07-26 15:28:09 UTC 
Created kernel tracking bugs for this issue

Affects: fedora-all [bug 843554]
Comment 9 Petr Matousek 2012-07-26 15:51:51 UTC 
Upstream commit:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=06b6a1cf6e776426766298d055bb3991957d90a7
Comment 12 Fedora Update System 2012-08-05 21:24:52 UTC 
kernel-3.4.7-1.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 13 Murray McAllister 2012-09-24 11:05:01 UTC 
Acknowledgements:

This issue was discovered by the Red Hat InfiniBand team.
Comment 14 errata-xmlrpc 2012-09-25 18:59:47 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2012:1304 https://rhn.redhat.com/errata/RHSA-2012-1304.html
Comment 15 Gary Anderson 2012-10-01 17:01:23 UTC 
The statement from Petr Matousek on July 29th states that RHEL 5 is affected by this issue.  Is there any current release or estimated release date for the RHEL 5 resolution/fix?
Comment 16 Petr Matousek 2012-10-02 09:22:45 UTC 
(In reply to comment #15)
> The statement from Petr Matousek on July 29th states that RHEL 5 is affected
> by this issue.  Is there any current release or estimated release date for
> the RHEL 5 resolution/fix?

Hello, Gary.

Today we are going to release a regular kernel update for Red Hat Enterprise Linux 5 that fixes this issue.

Best regards,
--
Petr Matousek / Red Hat Security Response Team
Comment 17 errata-xmlrpc 2012-10-02 17:45:19 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2012:1323 https://rhn.redhat.com/errata/RHSA-2012-1323.html
Comment 18 errata-xmlrpc 2012-12-04 19:58:20 UTC 
This issue has been addressed in following products:

  MRG for RHEL-6 v.2

Via RHSA-2012:1491 https://rhn.redhat.com/errata/RHSA-2012-1491.html
Note You need to log in before you can comment on or make changes to this bug.