KMSAN Trophies
- `strlen()` called on non-terminated string in `bind()` for `AF_PACKET`
  - Status: fixed upstream
- too short socket address passed to `selinux_socket_bind()`
  - Status: reported upstream
- uninitialized `msg.msg_flags` in `recvfrom` syscall
  - Status: fixed upstream
- incorrect input length validation in `nl_fib_input()`
  - Status: fixed upstream by Eric Dumazet
- uninitialized `sockc.tsflags` in `udpv6_sendmsg()`
  - Status: fixed upstream
- incorrect input length validation in `packet_getsockopt()`
  - Status: fixed upstream
- incorrect input length validation in `raw_send_hdrinc()` and `rawv6_send_hdrinc()`
  - Status: fixed upstream
- missing check of `nlmsg_parse()` return value in `rtnl_fdb_dump()`
  - Status: fixed upstream
- Linux kernel 2.6.0 to 4.12-rc4 infoleak due to a data race in ALSA timer (CVE-2017-1000380)
- `strlen()` incorrectly called on user-supplied memory in `dev_set_alias()`
  - Status: fixed upstream
- `waitid()` copies uninitialized data to userspace (CVE-2017-14954)
  - Status: fixed upstream by Al Viro
- local infoleak via an `SG_GET_REQUEST_TABLE` ioctl call for `/dev/sg0` (CVE-2017-14991)
  - Status: fixed upstream
- Uninitialized TCP request hash used in `cookie_v[46]_check()`
  - Status: fixed upstream
- _sctp_walk_params() and _sctp_walk_errors() dereference uninitialized pointers
  - Status: fixed upstream
- `sctp_v6_to_addr()` compared addresses to uninit data
  - Status: fixed upstream
- `tun_get_user()` accesses uninitialized data if `skb->len` is `0`
  - Status: fixed upstream
- `sctp_inet6_skb_msgname()` leaks 4 bytes to the userspace
  - Status: fixed upstream by Eric W. Biederman
- Use of uninitialized memory in `inet_ehash_insert()`
  - Status: fixed upstream by Eric Dumazet
- Buffer overflow in `verify_address_len()`
  - Status: fixed upstream by Eric Biggers
- Insufficient validation of user provided tunnel names in `vti6_tnl_create()`
  - Status: fixed upstream by Eric Dumazet
- Information disclosure in `vhost/vhost.c:vhost_new_msg()` (CVE-2018-1118)
  - Status: patch in flight
- `deprecated_sysctl_warning()` reads uninit memory
- `struct sockaddr` length not checked in `llcp_sock_connect()`
- uninitialized default host->id in `nvmf_host_default()`
- KMSAN: uninit-value in pppoe_connect (fix by Guillaume Nault)
- KMSAN: uninit-value in pppol2tp_connect (fix by Guillaume Nault)
- KMSAN: uninit-value in fib6_new_table (fix by Eric Dumazet)
- KMSAN: uninit-value in packet_set_ring
- KMSAN: uninit-value in netif_skb_features
- KMSAN: uninit-value in neigh_dump_info (fix by Eric Dumazet)
- KMSAN: uninit-value in tcp_parse_options (fix by Eric Dumazet)
- KMSAN: uninit-value in inet_getpeer (fix by Eric Dumazet)
- KMSAN: uninit-value in sctp_sendmsg (fix by Eric Dumazet)
- KMSAN: uninit-value in sctp_do_bind (fix by Eric Dumazet)
- KMSAN: uninit-value in tipc_node_get_mtu
- KMSAN: uninit-value in __skb_try_recv_from_queue (fix by Eric Dumazet)
- KMSAN: uninit-value in inet6_rtm_delroute (fix by Eric Dumazet)
- KMSAN: uninit-value in memcmp (fix by Eric Dumazet)
- KMSAN: uninit-value in inet_csk_bind_conflict (fix by Eric Dumazet)
- KMSAN: uninit-value in move_addr_to_user (fix by Eric Dumazet)
- KMSAN: uninit-value in ip_route_output_key_hash_rcu (fix by Eric Dumazet)
- KMSAN: uninit-value in fib_create_info (fix by Eric Dumazet)
- KMSAN: uninit-value in alg_bind (fix by Eric Dumazet)
- KMSAN: uninit-value in netlink_sendmsg (fix by Eric Dumazet)
- KMSAN: uninit-value in iptable_mangle_hook (fix by Eric Dumazet)
- KMSAN: uninit-value in ip6table_mangle_hook (fix by Eric Dumazet)
- KMSAN: uninit-value in put_cmsg (fix by Eric Dumazet)
- KMSAN: uninit-value in rt6_multipath_hash (fix by Eric Dumazet)
- KMSAN: uninit-value in move_addr_to_user (fix by Eric Dumazet)
- KMSAN: uninit-value in strcmp
- KMSAN: uninit-value in __sctp_v6_cmp_addr
- KMSAN: uninit-value in ebt_stp_mt_check
- KMSAN: uninit-value in _copy_to_iter (CVE-2018-1118)
- KMSAN: uninit-value in ip_vs_lblcr_check_expire
- KMSAN: uninit-value in nfqnl_recv_config (fix by Eric Dumazet)
- KMSAN: uninit-value in ebt_stp_mt_check
- KMSAN: uninit-value in eth_mac_addr (fix by Eric Dumazet)
- KMSAN: uninit-value in rtnetlink_put_metrics (fix by Eric Dumazet)
- KMSAN: uninit-value in ip_vs_lblc_check_expire
- KMSAN: kernel-infoleak in vcs_read
- KMSAN: uninit-value in ip_tunnel_xmit
- KMSAN: uninit-value in br_nf_forward_arp
- KMSAN: uninit-value in af_alg_free_areq_sgls
- KMSAN: uninit-value in __nf_conntrack_find_get
- KMSAN: kernel-infoleak in put_cmsg
- KMSAN: uninit-value in gc_worker
- KMSAN: kernel-infoleak in _copy_to_iter (fix by Eric Dumazet)
- KMSAN: uninit-value in do_msgrcv
- KMSAN: uninit-value in snd_midi_event_encode_byte
- KMSAN: uninit-value in ip6_tnl_start_xmit
- KMSAN: uninit-value in pppoe_rcv
- KMSAN: kernel-infoleak in _copy_to_iter
- KMSAN: uninit-value in synaptics_detect
- KMSAN: uninit-value in dev_mc_add_excl
- KMSAN: uninit-value in dev_uc_add_excl
- KMSAN: uninit-value in ip_tunnel_lookup
- KMSAN: uninit-value in linear_transfer
- KMSAN: kernel-infoleak in kvm_write_guest_page
- KMSAN: kernel-infoleak in kvm_arch_vcpu_ioctl
- KMSAN: kernel-infoleak in _copy_to_iter (fix by Eric Dumazet)
- KMSAN: uninit-value in packet_sendmsg (fix by Willem de Bruijn)
- KMSAN: uninit-value in __inet6_bind (fix by Cong Wang)
- KMSAN: kernel-infoleak in sctp_getsockopt (fix by Xin Long)
- KMSAN: kernel-infoleak in capi_unlocked_ioctl (fix by Eric Dumazet)
- KMSAN: uninit-value in check_6rd (fix by Willem de Bruijn)
- KMSAN: uninit-value in vti6_tnl_xmit (fix by Willem de Bruijn)
- KMSAN: uninit-value in gue6_err (fix by Eric Dumazet)
- KMSAN: kernel-infoleak in sctp_getsockopt (2) (fix by Xin Long)
- KMSAN: uninit-value in tipc_conn_rcv_sub (fix by Ying Xue)
- KMSAN: uninit-value in gue_err (fix by Eric Dumazet)
- KMSAN: uninit-value in tipc_nl_compat_dumpit (fix by Ying Xue)
- KMSAN: kernel-infoleak in vmx_get_nested_state (fix by Tom Roeder)
- KMSAN: uninit-value in kvm_clear_dirty_log_protect (fix by Tomas Bortoli)
- KMSAN: uninit-value in tipc_nl_compat_link_reset_stats (fix by Ying Xue)
- KMSAN: kernel-infoleak in move_addr_to_user (fix by Eric Dumazet)
- KMSAN: uninit-value in tipc_nl_compat_bearer_enable (fix by Ying Xue)
- KMSAN: uninit-value in tipc_nl_compat_link_set (2) (fix by Ying Xue)
- KMSAN: uninit-value in tipc_nl_compat_name_table_dump (fix by Ying Xue)
- KMSAN: uninit-value in tipc_nl_compat_doit (fix by Ying Xue)
- KMSAN: kernel-infoleak in kvm_vcpu_write_guest_page (fix by Tom Roeder)
- KMSAN: uninit-value in tipc_subscrb_rcv_cb (fix by Ying Xue)
- KMSAN: uninit-value in batadv_interface_tx (fix by Eric Dumazet)
- KMSAN: uninit-value in mpol_rebind_mm (fix by Vlastimil Babka)
- KMSAN: kernel-infoleak in move_addr_to_user (2) (fix by Eric Dumazet)
- KMSAN: uninit-value in gue_err (2) (fix by Eric Dumazet)
- KMSAN: uninit-value in gue6_err (2) (fix by Eric Dumazet)
- KMSAN: kernel-infoleak in video_usercopy (fix by Hans Verkuil)

Last update: 09.04.2019