Topic: pioctls leak kernel memory contents
       CVE-2015-3284

Issued:         29-July-2015
Last Update:    29-July-2015
Affected:       OpenAFS versions 1.6.0 through 1.6.12

A local user executing commands which make pioctl calls to the kernel
will have some contents of kernel memory leaked when buffers used are
larger than data being returned.

SUMMARY
=======

The kernel's pioctl handling uses either a private pool of buffers or allocated
memory depending on the size of what is anticipated to be returned. In either
case a buffer larger than needed can be used, leaking the contents of the
buffer to the caller.


IMPACT
======

Stack or private pool memory can be leaked to a local caller.


AFFECTED SOFTWARE
=================

OpenAFS kernel extensions for versions 1.6.0 through 1.6.12


FIXES
=====

The OpenAFS project recommends that administrators of fileservers upgrade
to OpenAFS version 1.6.13 or newer.

For those sites unable, or unwilling, to upgrade a patch which resolves this
issue is available directly from:

  http://www.openafs.org/security/openafs-sa-2015-003.patch

The latest stable OpenAFS release is always available from
http://www.openafs.org/release/latest.html

This announcement and code patches related to it may be found on the
OpenAFS security advisory page at:

  http://www.openafs.org/security/

The main OpenAFS web page is at:

  http://www.openafs.org/