OpenBCM V1.07b11 (WIN32)

Packet Radio Mailbox

DBO595

[LAU JN59RM]

 Login: GAST





  

NL1VKL > LINUX    22.07.21 14:00l 47 Lines 2024 Bytes #999 (0) @ WW
BID : 32852NL1VKL
Read: GAST
Subj: SECURITY: Linux AX.25 stack leaking data
Path: DBO595<DBX320<DBX233<VB1BOX<NL3VKL
Sent: 210722/1217Z @:NL3VKL.NBO.NLD.EU #:1743 [Uden] $:32852NL1VKL
From: NL1VKL@NL3VKL.NBO.NLD.EU
To  : LINUX@WW

Message from: NL1VKL@NL3VKL

Hi all,

For anyone who's running a Linux system with kernel 5.x and making use of 
Linux's own AX.25 stack, you should be aware of the following:

I've noticed recently that the 5.x Linux kernels are leaking random 
fragments of data with sensitive information from shared memory into a 
couple of NETROM frame types. 

At least the tested 5.4 and 5.10 versions with several distributions seem to 
do the same and seem to be affected. After some data/memory capturing and 
tracing I didn't notice any other occasion where it happens. 

Because the root cause of this might be deep into Linux's kernel source I 
won't be supprised and do believe it's not only NETROM leaking that data 
from memory but for now it's the only occasion where I've seen it happen. 
Because the Linux kernel and its memory management are highly advanced and 
complex I ceased chasing a possible root cause in the Linux kernel's source 
myself.

On my own setup I've currently downgraded to a 4.19 kernel.
The issue is reported and details are sent to the linux-hams maintainers. 

Hope they're picking up the issue and willing to investigate and resolve the 
issue soon. If not, I'll climb higher in the tree.

73! Dave de NL1VKL

====================================================================
 _____ __    ___   _____ _____ __    				  
|   | |  |  |_  | |  |  |  |  |  |       Sysop: Dave
| | | |  |__ _| |_|  |  |    -|  |__     QTH:   Uden - JO21TP
|_|___|_____|_____|\___/|__|__|_____|    BBS:   NL3VKL.NBO.NLD.EU
                                         QRV:   27.235 MHz (FM 1k2)
                                                27.365 MHz (LSB 1k2)                                           
NL3VKL BBS
NL5VKL Net/Rom node / internet gateway  https://nl5vkl.mijndingen.nl
====================================================================
** This message is generated with Sally 7.2.044
-----------------------------------------------------------------



Lese vorherige Mail | Lese naechste Mail

 23.11.2024 11:28:08lZurueck Nach oben