
Kernel 0-day - read the uninitialized bytes of the kernel stack - gasull
http://lists.grok.org.uk/pipermail/full-disclosure/2010-November/077321.html
======
jws
Uninitialized scratch array in the Berkeley Packet Filter code. It is
smallish, 16 words? But presumably you can run the attack a lot and see a
bunch of different 16-word sections.

The astounding patch can be found here:

[http://marc.info/?l=linux-netdev&m=128934173821229&w=2](http://marc.info/?l=linux-netdev&m=128934173821229&w=2)
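
The bug class the comment describes, as an added example that is not from the thread or from the linked kernel patch: a toy filter interpreter whose 16-word scratch array is either left with stale contents or zeroed first, plus a load-time check that rejects reads of unwritten slots. The opcodes, function names and the `0xdeadbeef` marker are hypothetical, and the stack frame is modelled as a caller-supplied buffer so the stale data is constructed and deterministic.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MEMWORDS 16 /* scratch size; the comment above guesses 16 words */
enum { OP_LD_IMM, OP_ST_MEM, OP_LD_MEM, OP_RET_A }; /* hypothetical toy opcodes */
struct insn { int op; uint32_t k; };
/* Constructed sample filter: loads scratch slot 3 without storing to it first. */
static const struct insn leaky[] = { { OP_LD_MEM, 3 }, { OP_RET_A, 0 } };
/* `frame` stands in for the stack memory holding the scratch array. */
static int run_filter(const struct insn *p, size_t n, uint32_t *frame,
                      int zero_first, uint32_t *out)
{
    uint32_t a = 0, *mem = frame;
    if (zero_first) /* hardened: clear the scratch words before interpreting */
        memset(mem, 0, MEMWORDS * sizeof(*mem));
    for (size_t pc = 0; pc < n; pc++) {
        uint32_t k = p[pc].k;
        int uses_mem = p[pc].op == OP_ST_MEM || p[pc].op == OP_LD_MEM;
        if (uses_mem && k >= MEMWORDS) return -1; /* index out of range */
        switch (p[pc].op) {
        case OP_LD_IMM: a = k; break;
        case OP_ST_MEM: mem[k] = a; break;
        case OP_LD_MEM: a = mem[k]; break;
        case OP_RET_A:  *out = a; return 0;
        default:        return -1;
        }
    }
    return -1; /* no return instruction reached */
}
/* Load-time check for this jump-free toy: 1 if a slot is read before written. */
static int reads_unwritten(const struct insn *p, size_t n)
{
    uint32_t written = 0;
    for (size_t pc = 0; pc < n; pc++) {
        uint32_t bit = p[pc].k < MEMWORDS ? 1u << p[pc].k : 0;
        if (p[pc].op == OP_ST_MEM) written |= bit;
        if (p[pc].op == OP_LD_MEM && !(written & bit)) return 1;
    }
    return 0;
}
/* Runs the sample over a frame pre-filled with a constructed stale marker. */
static uint32_t run_on_stale_frame(int zero_first)
{
    uint32_t frame[MEMWORDS], out = 0;
    for (size_t i = 0; i < MEMWORDS; i++) frame[i] = 0xdeadbeefu;
    run_filter(leaky, 2, frame, zero_first, &out);
    return out;
}
int main(void) { return run_on_stale_frame(1) != 0; }
```

Without the `memset`, the filter's return value carries whatever the frame held before; with it, or with the load-time check rejecting the program, nothing stale reaches the caller.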

