Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 20 Mar 2014 15:45:36 -0400 (EDT)
From: cve-assign@...re.org
To: pmatouse@...hat.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com,
        zoltan.kiss@...rix.com, mtsirkin@...hat.com
Subject: Re: CVE request -- kernel: net: potential information leak when ubuf backed skbs are skb_zerocopy()ied

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> An information flaw was found in the way skb_zerocopy() copied skbs that
> are backed by userspace buffers (for example vhost-net and recent xen
> netback). Once the source skb is consumed, ubuf destructor is called and
> potentially releases the corresponding userspace buffers, which can then
> for example be repurposed, while the destination skb is still pointing
> to the them.
> 
> This issue is similar to CVE-2014-0131.
> 
> Upstream patch:
> https://lkml.org/lkml/2014/3/20/421

Use CVE-2014-2568.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTK0KNAAoJEKllVAevmvms+UkH/jUSasHTIEdX1iRHqyVSpHjA
b0PAYGAs7fZ3s/WtslGVEVaC7+ShGIK2wzxPWVe+6iM0WTPykzKyWmR8pOU8FKLD
2ChlkU/V9tKcU1IS+2TEAnX7VQO/bbftbl+HctKWQDSPg99/NuinO3oxPheaktbw
8OeH6X+mvPspKV0yRjJ8oKvfgExbmANKjE34U+vbxQH8g2H+JnU9qC1EGmpitOkk
0Aw5mXjK8rhhCbi8ehBegjB1cui8TmjpfJfI2RIBzaSNLPIbT82tAcnIPjDBY5x+
qwxvxkx0uJnt7bDS5ESPUNw2QIRyOQUIAwk4rBIA8fHIMOjPGzDAKEj+wqeN/6s=
=vvFF
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ