Description
===========

Linux Kernel contains a flaw in the mmc_ioctl_cdrom_read_data() function in
drivers/cdrom/cdrom.c that may lead to the unauthorized disclosure of
sensitive information. The issue is triggered when reading a block from the
user's system, which can result in the associated buffer not being completely
filled. This may allow a local attacker to gain access to arbitrary
information stored within the kernel memory.

Classification
==============

Location    : Local Access Required
Attack Type : Information Disclosure, Input Manipulation
Version     : Kernel 3.9.5
Impact      : Loss of Confidentiality
Solution    : Patch / RCS
Disclosure  : Vendor Verified

References
==========

CVE ID         : CVE-2013-2164
Mail List Post : http://seclists.org/oss-sec/2013/q2/500
Commit patch   : 050e4b8fb7cdd7096c987a9cd556029c622c7fe2
Credit         : Jonathan Salwan (Sysdream Security Lab)

Timeline
========

2013-05-29 : Bug reported
2013-06-06 : Bug fix in next-line
2013-06-06 : CVE request
2013-06-10 : CVE assigned
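
The failure mode in the Description, modelled in user space as an added example (not the kernel's code and not part of the advisory): it contrasts an uninitialised allocation with a zeroed one when the device delivers a short read. The function names, block size and stale-byte marker are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BLOCK_SIZE 64      /* constructed size, not the driver's */
#define STALE_BYTE 0xA5    /* stands in for leftover heap contents */

/* Hypothetical device read: failing hardware fills fewer bytes than asked. */
static void model_device_read(unsigned char *buf, size_t want, size_t delivered)
{
    size_t n = delivered < want ? delivered : want;
    memset(buf, 'D', n);   /* 'D' marks genuine device data */
}

/* Models the ioctl path: allocate a block, read into it, then copy the
 * whole block to the caller without checking how much was filled.
 * zero_alloc = 0 models an uninitialised allocation, 1 a zeroed one.
 * Returns the number of stale bytes that reached the caller's buffer. */
size_t read_block(unsigned char *user, size_t delivered, int zero_alloc)
{
    unsigned char *kbuf = malloc(BLOCK_SIZE);
    size_t i, leaked = 0;

    if (!kbuf)
        return (size_t)-1;
    /* Deterministic stand-in for stale memory: real uninitialised heap
     * contents are unpredictable, so the model plants a known marker. */
    memset(kbuf, zero_alloc ? 0 : STALE_BYTE, BLOCK_SIZE);
    model_device_read(kbuf, BLOCK_SIZE, delivered);
    memcpy(user, kbuf, BLOCK_SIZE);  /* full block copied regardless of fill */
    free(kbuf);

    for (i = 0; i < BLOCK_SIZE; i++)
        if (user[i] == STALE_BYTE)
            leaked++;
    return leaked;
}

int main(void)
{
    unsigned char user[BLOCK_SIZE];

    printf("uninitialised, short read: %zu stale bytes\n", read_block(user, 16, 0));
    printf("zeroed, short read:        %zu stale bytes\n", read_block(user, 16, 1));
    printf("uninitialised, full read:  %zu stale bytes\n", read_block(user, BLOCK_SIZE, 0));
    return 0;
}
```

When auditing similar paths, look for an allocation that is not zeroed, a fill step that can stop short, and a copy-out sized by the request rather than by the bytes actually written.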