This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 820039 - (CVE-2012-3430) CVE-2012-3430 kernel: recv{from,msg}() on an rds socket can leak kernel memory
CVE-2012-3430 kernel: recv{from,msg}() on an rds socket can leak kernel memory
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
impact=low,public=20120723,reported=2...
: Security
Depends On: 822727 822728 822729 822731 843553 843554
Blocks: 819767
  Show dependency treegraph
 
Reported: 2012-05-08 20:43 EDT by Eugene Teo (Security Response)
Modified: 2015-08-19 05:16 EDT (History)
21 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-08-24 08:52:52 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Eugene Teo (Security Response) 2012-05-08 20:43:22 EDT
Two similar issues:

1) Reported by Jay Fenlason and Doug Ledford:
recvfrom() on an RDS socket can disclose sizeof(struct sockaddr_storage)-sizeof(struct sockaddr_in) bytes of kernel stack to userspace when receiving a datagram.

2) Reported by Jay Fenlason:
recv{from,msg}() on an RDS socket can disclose sizeof(struct sockaddr_storage)
bytes of kernel stack to userspace when other code paths are taken.
Comment 5 Petr Matousek 2012-07-26 11:26:38 EDT
Statement:

The Red Hat Security Response Team has rated this issue as having low security 
impact. A future kernel updates may address this issue. For additional 
information, refer to the Issue Severity Classification:
https://access.redhat.com/security/updates/classification/.
Comment 7 Petr Matousek 2012-07-26 11:28:09 EDT
Created kernel tracking bugs for this issue

Affects: fedora-all [bug 843554]
Comment 12 Fedora Update System 2012-08-05 17:24:52 EDT
kernel-3.4.7-1.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 13 Murray McAllister 2012-09-24 07:05:01 EDT
Acknowledgements:

This issue was discovered by the Red Hat InfiniBand team.
Comment 14 errata-xmlrpc 2012-09-25 14:59:47 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2012:1304 https://rhn.redhat.com/errata/RHSA-2012-1304.html
Comment 15 Gary Anderson 2012-10-01 13:01:23 EDT
The statement from Petr Matousek on July 29th states that RHEL 5 is affected by this issue.  Is there any current release or estimated release date for the RHEL 5 resolution/fix?
Comment 16 Petr Matousek 2012-10-02 05:22:45 EDT
(In reply to comment #15)
> The statement from Petr Matousek on July 29th states that RHEL 5 is affected
> by this issue.  Is there any current release or estimated release date for
> the RHEL 5 resolution/fix?

Hello, Gary.

Today we are going to release a regular kernel update for Red Hat Enterprise Linux 5 that fixes this issue.

Best regards,
--
Petr Matousek / Red Hat Security Response Team
Comment 17 errata-xmlrpc 2012-10-02 13:45:19 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2012:1323 https://rhn.redhat.com/errata/RHSA-2012-1323.html
Comment 18 errata-xmlrpc 2012-12-04 14:58:20 EST
This issue has been addressed in following products:

  MRG for RHEL-6 v.2

Via RHSA-2012:1491 https://rhn.redhat.com/errata/RHSA-2012-1491.html

Note You need to log in before you can comment on or make changes to this bug.