Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 13 Nov 2012 16:36:23 +0100
From: Petr Matousek <pmatouse@...hat.com>
To: Marcus Meissner <meissner@...e.de>
Cc: oss-security@...ts.openwall.com
Subject: Re: CVE request -- Linux kernel: mm/hotplug: failure
 in propagating hot-added memory to other nodes

On Tue, Nov 13, 2012 at 04:21:19PM +0100, Marcus Meissner wrote:
> On Sun, Nov 11, 2012 at 12:19:13AM -0700, Kurt Seifried wrote:
> > On 11/10/2012 02:36 PM, Petr Matousek wrote:
> > > A NULL pointer dereference flaw has been found in the way a new
> > > node's hot-added memory is propagated to other nodes zonelists. An
> > > unprivileged local user can use this flaw to crash the system.
> > > 
> > > Upstream fix: 
> > > http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=08dff7b7d629807dbb1f398c68dd9cd58dd657a1
> > >
> > >  References: https://bugzilla.redhat.com/show_bug.cgi?id=875374
> > > 
> > > Thanks,
> > 
> > Please use CVE-2012-5517 for this issue.
> 
> Our Mel Gorman wonders how this is a security issue.
> 
> A local attacker would need to wait for the administrator to hot-add
> memory, which seems unlikely on first thought?

Yes, it is unlikely, but not impossible. This unlikely condition
is reflected in the CVSSv2 [1] score -- AC:H -- which Red Hat uses to
rate the severity of the security issues and also reflected in the
impact rating [2].

  [1] http://www.first.org/cvss/cvss-guide.html
  [2] https://access.redhat.com/security/updates/classification/

-- 
Petr Matousek / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.