In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() struct irdma_create_ah_resp { // 8 bytes, no padding __u32 ah_id; // offset 0 - SET (uresp.ah_id = ah->sc_ah.ah_info.ah_idx) __u8 rsvd[4]; // offset 4 - NEVER SET <- LEAK }; rsvd[4]: 4 bytes of stack memory leaked unconditionally. Only ah_id is assigned before ib_respond_udata(). The reserved members of the structure were not zeroed.
En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: RDMA/irdma: Corrección de fuga de pila del kernel en irdma_create_user_ah() struct irdma_create_ah_resp { // 8 bytes, sin relleno __u32 ah_id; // desplazamiento 0 - ESTABLECIDO (uresp.ah_id = ah->sc_ah.ah_info.ah_idx) __u8 rsvd[4]; // desplazamiento 4 - NUNCA ESTABLECIDO <- FUGA }; rsvd[4]: 4 bytes de memoria de pila filtrados incondicionalmente. Solo ah_id se asigna antes de ib_respond_udata(). Los miembros reservados de la estructura no fueron puestos a cero.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
| Attack Vector | LOCAL |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | LOW |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | NONE |
| Availability Impact | HIGH |
| Source | Type | Description |
|---|---|---|
| [email protected] | Primary |
en
CWE-401
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bde7ad900> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702b703bb000> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bc462fc40> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702b703b8600> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bde7ad6c0> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bc462cc00> | Operating System |
| linux | linux_kernel | 5.14 | <built-in method update of dict object at 0x702bdd629340> | Operating System |
| linux | linux_kernel | 7.0 | <built-in method update of dict object at 0x702bde7accc0> | Operating System |
| linux | linux_kernel | 7.0 | <built-in method update of dict object at 0x702b703b8f00> | Operating System |
| linux | linux_kernel | 7.0 | <built-in method update of dict object at 0x702bde7af380> | Operating System |
| linux | linux_kernel | 7.0 | <built-in method update of dict object at 0x702bdda01880> | Operating System |
| linux | linux_kernel | 7.0 | <built-in method update of dict object at 0x702b703b9700> | Operating System |
| linux | linux_kernel | 7.0 | <built-in method update of dict object at 0x702bc462c480> | Operating System |
| linux | linux_kernel | 7.0 | <built-in method update of dict object at 0x702bdd62b680> | Operating System |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:5.14:-:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:* |