Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 04 Jul 2012 10:31:45 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request -- kernel: epoll: can leak file descriptors
 when returning -ELOOP

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/04/2012 01:19 AM, Petr Matousek wrote:
> An epoll_ctl(,EPOLL_CTL_ADD,,) operation can return '-ELOOP' to
> prevent circular epoll dependencies from being created.  However,
> in that case we do not properly clear the 'tfile_check_list'.
> 
> An unprivileged local user could use this flaw to crash the
> system.
> 
> Regression introduced via 28d82dc1c4edbc352129f97f4ca22624d1fe61de 
> commit.
> 
> Upstream fix: 13d518074a952d33d47c428419693f63389547e9
> 
> References: https://lkml.org/lkml/2012/3/27/65 
> https://lkml.org/lkml/2012/4/17/247 
> https://bugzilla.redhat.com/show_bug.cgi?id=837502
> 
> Thanks,

Please use CVE-2012-3375 for this issue.


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJP9G/uAAoJEBYNRVNeJnmTQ0gQAKEDLP9MS+7TfgdvZwW0WvUp
/yn9FiWGZ7I9J0cXfPA/UNF4DOb4kZ4SbZBRwPwPKm8+KlP2CczDfSIXqHniyTWP
DYA1bahNPjesFIDuLWm7aZE+Joj3S2ptQzrrlGLmMEM/SzftI9cAs63bBVj0FgP1
cyckX/qkvhla5OlD3lrHmqFUpXE5z375mR26g7pvQPSwUibdVSPz1AQCydiUjU00
BnTWbhXfWBAzLh38phj1Fi9McoefzBG4Ih0ACf/WqkP3SnJzNpNccMpMK57qqICK
B1hXmkIIjK+taa7/URJJmXz62wEYkC1COaXgbXx6fwc0xsCIjAQoOx4ZBCqlK69D
WYV9qQz3whByMtAF210MiHvUaH6V3it2UU02v+YKO+LYi40TRBH6DiIpNKg/ghrV
Pnwn8Q4Hp7YjKEoQqo33WjyH3U/PXjLIkIOpf/DAQeTJ1ERuhNH0TsQzVMLbYCCd
N9mmUNJQbfPWxH5g5JfxzZXmGYfYcrvUNQechfwrZ9ZOwrUDyP+ip0tKvWWqu54/
7UiZ/QJoUGACqqFyX6FcUw2nQladfYtDmyKHJZE9uvwz8DeZhB8OnMomTDjoUWsU
Ep3+Fla8lUvEzUa7XZ4sirDlP58l2PDb6x2ylYDIRY3zGuRMpwz1LKz0TZoldhFu
MyPWFd6InJk96QZ64PVn
=jYse
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ