MNBSD-2021-0: Uninitialized kernel stack disclosures in several file systems

Severity: Unknown

Affected Package: kernel

Summary: Uninitialized kernel stack disclosures in several file systems

Description

Several file systems failed to properly initialize memory before copying it to userland. Uninitialized kernel stack disclosures in tmpfs, smbfs, autofs and mqueuefs (CVE-2020-25578), and an uninitialized padding field in msdosfs (CVE-2020-25579), could leak sensitive kernel information to userspace, which may be used to help compromise the system.

Affected Versions

kernel

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2020-25578, CVE-2020-25579

Published: January 29, 2021
Last Modified: January 29, 2021