Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 24 Apr 2012 09:23:16 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Marcus Meissner <meissner@...e.de>
Subject: Re: CVE Request: use after free bug in "quota" handling
 in hugetlb code

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/24/2012 08:34 AM, Marcus Meissner wrote:
> Hi,
> 
> Reported by Schacher Raindel, quoting his report:
> 
> There is a use after free bug in the kernel hugetlb code. The bug
> can allow an authenticated, unprivileged local attacker to crash
> the system (and possibly gain higher privileges) if huge pages are
> enabled in the system.
> 
> A fix has been committed to upstream, commit 
> 90481622d75715bfcb68501280a917dbfe516029 "hugepages: fix use after
> free bug in "quota" handling"
> 
> Version-Release number of selected component (if applicable): The
> bug exists in kernel versions 2.6.24 and above.
> 
> References: https://bugzilla.novell.com/show_bug.cgi?id=758532 
> https://bugzilla.redhat.com/show_bug.cgi?id=815065 
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=90481622d75715bfcb68501280a917dbfe516029
>
>  Ciao, Marcus

Please use CVE-2012-2133 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPlsVkAAoJEBYNRVNeJnmTvF4QAJoyBiApjksbSQdkbJgfiO9w
AmGLaMxu/6krtEFmn8u3nwbguBn2QnERXuvtq+vC+/9LWieNIadt4pfbULFXd9Sz
PtBfc87p1xiQsZ9KZbbDMCSsWLkjQSTuqIvaD0imL4O9oYRr2tA7+Khxd1WYd+pI
fqciAWiixZ+Au6Bw+pXXZycWqBXNC9sCMD5f2lbJwMyBJGQLsfI/zyrmqS0IDhE4
aLW5s6DJ1KmfuopQo0U+H9Yr2kyjIVTgj4CBzcXE6pJQ3sXWKyupEEHd2jCGv5ss
jgPC/sSgvgTKWk+XIZNxjazFnjB/dXOhI3/FTwdAtjZFoKRqSjBKmPz0Z/fUZVox
BP3uC6Ff56hhuKYFDWN+FZpftlKidzTej4/oKNtM8+TXVUfoFnJzKlHWyIuMG2/5
jp3EYHRQnrDcrdrgiQVApegzPbDCsyyVfoo9h7GDDpVjEQnbFRYywa3gZCwyLKIT
tYGPcNUTMD1S6IRwh5axtKfm/rS6+0i08soUBZAPAglEmMIkmtCeT0ljSG4A7yoz
U4+hheWQILGBvSImwnD5Iql2FonZoNH0rInrwv+6agUz63z+ScFpoAAQ8h2gTiEG
oo8xMW/mMPvBVBXse3NEbzsnko6LjuH3CUF4qJLOLUni3tPAbWvmUMYH1TZ/s/28
BblHDRUQsCrcN8NcGmyz
=l5QG
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ