blob: 8df14bbecb72645751fdb31d5706564ae254eb1e (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
Description:
Race condition in the environ_read function in fs/proc/base.c in the Linux kernel
before 4.5.4 allows local users to obtain sensitive information from kernel memory
by reading a /proc/*/environ file during a process-setup time interval in which
environment-variable copying is incomplete.
References:
http://source.android.com/security/bulletin/2016-11-01.html
https://bugzilla.kernel.org/show_bug.cgi?id=116461
https://forums.grsecurity.net/viewtopic.php?f=3&t=4363
Notes:
Bugs:
upstream: released (4.6-rc7) [8148a73c9901a8794a50f950083c00ccf97d43b3]
3.16-upstream-stable: released (3.16.36)
3.2-upstream-stable: released (3.2.81)
sid: released (4.5.4-1)
3.16-jessie-security: released (3.16.36-1)
3.2-wheezy-security: released (3.2.81-1)
|