Bug 922308 (CVE-2012-6540) - CVE-2012-6540 Kernel: ipvs: information leak in getsockopt(IP_VS_SO_GET_TIMEOUT)
Summary: CVE-2012-6540 Kernel: ipvs: information leak in getsockopt(IP_VS_SO_GET_TIMEOUT)
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2012-6540
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 858947
TreeView+ depends on / blocked
 
Reported: 2013-03-16 07:55 UTC by Prasad Pandit
Modified: 2021-02-17 07:55 UTC (History)
25 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2014-06-09 18:17:52 UTC
Embargoed:

Attachments (Terms of Use)

Description Prasad Pandit 2013-03-16 07:55:19 UTC 
Linux kernel built with IP virtual server support(CONFIG_IP_VS), but without
support for TCP(IP_VS_PROTO_TCP) or UDP(IP_VS_PROTO_UDP) or both protocols,
is vulnerable to an information leakage flaw. It occurs during the getsockopt
call to retrieve time out value: getsockopt(IP_VS_SO_GET_TIMEOUT).

A user/program could use this flaw to leak kernel memory bytes.

Upstream fix:
-------------
 -> https://git.kernel.org/linus/2d8a041b7bfe1097af21441cb77d6af95f4f4680

Reference:
----------
 -> http://www.openwall.com/lists/oss-security/2013/03/14/21
Comment 1 Prasad Pandit 2013-03-16 08:06:28 UTC 
Statement:

This issue does not affect the versions of the kernel package as shipped with
Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.
Comment 2 Prasad Pandit 2013-03-16 08:09:54 UTC 
Upstream fix:
-------------
 -> https://git.kernel.org/linus/b61a602ee6730150f4d0df730d9312ac4d820ceb
Note You need to log in before you can comment on or make changes to this bug.