Bugzilla – Bug 142251
VUL-0: kernel: dm-crypt information leak
Last modified: 2009-10-14 08:03:52 UTC
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0095
only a minor problem in my eyes.
dm-crypt in Linux kernel 2.6.15 and earlier does not clear a structure before it is freed, which leads to a memory disclosure that could allow local users to obtain sensitive information about a cryptographic key.
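The bug class described in the CVE text, shown as an added userspace example (not the dm-crypt code or the patch discussed in this bug): a structure holding a key is released with and without being cleared first. The `crypt_cfg` struct, the one-slot pool and all function names are hypothetical, and the key bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define KEY_SIZE 32

/* Hypothetical stand-in for a per-device config that embeds the key. */
struct crypt_cfg {
    unsigned int key_size;
    uint8_t key[KEY_SIZE];
};

/* One-slot pool: models an allocator that hands freed memory to the
 * next caller without clearing it. */
static struct crypt_cfg slot;
static void *pool_alloc(void) { return &slot; }
static void pool_free(void *p) { (void)p; }

/* Volatile stores so the wipe is not removed as a dead store. */
static void secure_wipe(void *p, size_t n) {
    volatile uint8_t *b = p;
    while (n--) *b++ = 0;
}

static void destroy_leaky(struct crypt_cfg *c) { pool_free(c); }
static void destroy_scrubbed(struct crypt_cfg *c) {
    secure_wipe(c, sizeof(*c));
    pool_free(c);
}

/* Key bytes still readable by the next owner of the same memory. */
static size_t residual_key_bytes(void (*destroy)(struct crypt_cfg *)) {
    struct crypt_cfg *c = pool_alloc();
    size_t i, n = 0;
    c->key_size = KEY_SIZE;
    for (i = 0; i < KEY_SIZE; i++) c->key[i] = (uint8_t)(0xA0 + i); /* constructed key */
    destroy(c);
    const uint8_t *next = pool_alloc(); /* unrelated later allocation */
    for (i = 0; i < KEY_SIZE; i++)
        if (next[offsetof(struct crypt_cfg, key) + i] == (uint8_t)(0xA0 + i)) n++;
    pool_free((void *)next);
    return n;
}

int main(void) {
    printf("no scrub: %zu key bytes left\n", residual_key_bytes(destroy_leaky));
    printf("scrubbed: %zu key bytes left\n", residual_key_bytes(destroy_scrubbed));
    return 0;
}
```

In current kernels the equivalent helpers for this pattern are `memzero_explicit()` and `kfree_sensitive()`.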
The current sles10 CVS has this fixed as it is based on -git9. I have backported into sles9-sp4, fixing it on the way. I've reported the problem with the patch to Authors and linux-kernel. Maybe I'll add the fix to HEAD once it gets to mainline....
this likely applies to the other kernel branches too, right?
Created attachment 70077: The patch from 9.3
Here is the patch from 9.3 which should replace the one in SLES9-SP3
Oops.... wrong bug... now how did I do that.... Sorry, forget comment #4 and comment #5.
can you/someone else apply the patch to the other active branches? cvs tags are listed in: http://w3d.suse.de/Dev/Labs/Pubs/Kernel_Building.html
Ok, I've applied it and updated the status whiteboard. NeilBrown
thanks neil!
marking fixed, since all done except pushing out via update.
CVE-2006-0095: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)