2 matches found
Linux < 4.16.9 / < 4.14.41 - 4-byte Infoleak via Uninitialized Struct Field Exploit
Exploit for linux platform in category dos / poc / Linux tai. If doadjtimex doesn't write to -tai e.g. because the arguments are invalid, compatputtimex then copies the uninitialized -tai field to userspace. Demo: $ cat leak32.c / include include include include include include include / from...
Linux 4.16.9 4.14.41 - 4-byte Infoleak via Uninitialized Struct Field in compat adjtimex Syscall
Linux 4.16.9 4.14.41 - 4-byte Infoleak via Uninitialized Struct Field in compat adjtimex Syscall / Commit 3a4d44b61625 "ntp: Move adjtimex related compat syscalls to native counterparts" removed the memset in compatgettimex. Since then, the compat adjtimex syscall can invoke doadjtimex with an...