Bug 820039 (CVE-2012-3430) - CVE-2012-3430 kernel: recv{from,msg}() on an rds socket can leak kernel memory
Summary: CVE-2012-3430 kernel: recv{from,msg}() on an rds socket can leak kernel memory
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2012-3430
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 822727 822728 822729 822731 843553 843554
Blocks: 819767
Reported: 2012-05-09 00:43 UTC by Eugene Teo (Security Response)
Modified: 2019-09-29 12:52 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-08-24 12:52:52 UTC




Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2012:1304 normal SHIPPED_LIVE Moderate: kernel security and bug fix update 2012-09-25 22:58:04 UTC
Red Hat Product Errata RHSA-2012:1323 normal SHIPPED_LIVE Important: kernel security and bug fix update 2012-10-02 21:43:56 UTC
Red Hat Product Errata RHSA-2012:1491 normal SHIPPED_LIVE Important: kernel-rt security and bug fix update 2012-12-05 00:50:25 UTC

Description Eugene Teo (Security Response) 2012-05-09 00:43:22 UTC
Two similar issues:

1) Reported by Jay Fenlason and Doug Ledford:
recvfrom() on an RDS socket can disclose sizeof(struct sockaddr_storage)-sizeof(struct sockaddr_in) bytes of kernel stack to userspace when receiving a datagram.

2) Reported by Jay Fenlason:
recv{from,msg}() on an RDS socket can disclose sizeof(struct sockaddr_storage)
bytes of kernel stack to userspace when other code paths are taken.
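
Added example (not part of the original report and not kernel code): a user-space C model of the pattern behind both cases above, where a receive handler writes at most a sockaddr_in into a sockaddr_storage-sized buffer but the length later copied out is never narrowed. The function names, the 0xAA marker for stale stack contents and the "set the length in the handler" hardening are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Hypothetical stand-in for a protocol receive handler: writes a
 * sockaddr_in into the caller's buffer. With set_len == 0 it never
 * reports how many bytes it wrote (the flawed pattern). */
static void model_recv(struct sockaddr_storage *name, socklen_t *namelen, int set_len)
{
    struct sockaddr_in *sin = (struct sockaddr_in *)name;
    memset(sin, 0, sizeof(*sin));
    sin->sin_family = AF_INET;
    sin->sin_port = htons(4000);                   /* constructed sample */
    sin->sin_addr.s_addr = htonl(INADDR_LOOPBACK); /* constructed sample */
    if (set_len)
        *namelen = sizeof(*sin);
}

/* Models the generic receive path: an address buffer holding stale data
 * is handed to the handler, then namelen bytes are copied to the caller.
 * Returns how many stale (0xAA) bytes reached the caller's buffer. */
size_t stale_bytes_copied(int hardened, int handler_fills)
{
    struct sockaddr_storage kaddr;
    unsigned char user[sizeof(kaddr)];
    /* Hardened: start at 0 so only bytes the handler accounts for go out. */
    socklen_t namelen = hardened ? 0 : sizeof(kaddr);
    size_t i, stale = 0;

    memset(&kaddr, 0xAA, sizeof(kaddr)); /* simulate uninitialized stack */
    memset(user, 0, sizeof(user));
    if (handler_fills)                   /* case 1; otherwise case 2 */
        model_recv(&kaddr, &namelen, hardened);
    memcpy(user, &kaddr, namelen);
    for (i = 0; i < sizeof(user); i++)
        stale += (user[i] == 0xAA);
    return stale;
}

int main(void)
{
    printf("case 1, flawed:   %zu stale bytes\n", stale_bytes_copied(0, 1));
    printf("case 2, flawed:   %zu stale bytes\n", stale_bytes_copied(0, 0));
    printf("case 1, hardened: %zu stale bytes\n", stale_bytes_copied(1, 1));
    printf("case 2, hardened: %zu stale bytes\n", stale_bytes_copied(1, 0));
    return 0;
}
```

The two flawed results correspond to the two sizes quoted in the description; both hardened results are zero.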

Comment 5 Petr Matousek 2012-07-26 15:26:38 UTC
Statement:

The Red Hat Security Response Team has rated this issue as having low security 
impact. Future kernel updates may address this issue. For additional 
information, refer to the Issue Severity Classification:
https://access.redhat.com/security/updates/classification/.

Comment 7 Petr Matousek 2012-07-26 15:28:09 UTC
Created kernel tracking bugs for this issue

Affects: fedora-all [bug 843554]

Comment 12 Fedora Update System 2012-08-05 21:24:52 UTC
kernel-3.4.7-1.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 13 Murray McAllister 2012-09-24 11:05:01 UTC
Acknowledgements:

This issue was discovered by the Red Hat InfiniBand team.

Comment 14 errata-xmlrpc 2012-09-25 18:59:47 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2012:1304 https://rhn.redhat.com/errata/RHSA-2012-1304.html

Comment 15 Gary Anderson 2012-10-01 17:01:23 UTC
The statement from Petr Matousek on July 29th states that RHEL 5 is affected by this issue.  Is there any current release or estimated release date for the RHEL 5 resolution/fix?

Comment 16 Petr Matousek 2012-10-02 09:22:45 UTC
(In reply to comment #15)
> The statement from Petr Matousek on July 29th states that RHEL 5 is affected
> by this issue.  Is there any current release or estimated release date for
> the RHEL 5 resolution/fix?

Hello, Gary.

Today we are going to release a regular kernel update for Red Hat Enterprise Linux 5 that fixes this issue.

Best regards,
--
Petr Matousek / Red Hat Security Response Team

Comment 17 errata-xmlrpc 2012-10-02 17:45:19 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2012:1323 https://rhn.redhat.com/errata/RHSA-2012-1323.html

Comment 18 errata-xmlrpc 2012-12-04 19:58:20 UTC
This issue has been addressed in the following products:

  MRG for RHEL-6 v.2

Via RHSA-2012:1491 https://rhn.redhat.com/errata/RHSA-2012-1491.html

