References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

In the Linux kernel, the following vulnerability has been resolved:

net: sched: cls_api: fix tc_chain_fill_node to initialize tcm_info to zero to prevent an info-leak

When building netlink messages, tc_chain_fill_node() never initializes
the tcm_info field of struct tcmsg. Since the allocation is not zeroed,
kernel heap memory is leaked to userspace through this 4-byte field.

The fix simply zeroes tcm_info alongside the other fields that are
already initialized.

https://git.kernel.org/stable/c/1091b3c174441a52fdbb92e2fe00338f9371a91c

https://git.kernel.org/stable/c/4ae5d23f51fb91d7d1140c6f1ba77ab0756054c3

https://git.kernel.org/stable/c/71a3eda7e850ae844cb8993065f4e410c11a46ce

https://git.kernel.org/stable/c/903c3405cfcc7700260e456ab66a5867586c9e69

https://git.kernel.org/stable/c/906997ea3766c24fbbf9cc4bf17c047315bbd138

https://git.kernel.org/stable/c/d6db08484c6cb3d4ad696246f9d288eceba2a078

https://git.kernel.org/stable/c/e35f5195cd44ff4053fbc5d71ea97681728a0099

https://git.kernel.org/stable/c/e6e3eb5ee89ac4c163d46429391c889a1bb5e404