Date: Thu, 20 Mar 2014 15:45:36 -0400 (EDT) From: cve-assign@...re.org To: pmatouse@...hat.com Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, zoltan.kiss@...rix.com, mtsirkin@...hat.com Subject: Re: CVE request -- kernel: net: potential information leak when ubuf backed skbs are skb_zerocopy()ied -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > An information flaw was found in the way skb_zerocopy() copied skbs that > are backed by userspace buffers (for example vhost-net and recent xen > netback). Once the source skb is consumed, ubuf destructor is called and > potentially releases the corresponding userspace buffers, which can then > for example be repurposed, while the destination skb is still pointing > to the them. > > This issue is similar to CVE-2014-0131. > > Upstream patch: > https://lkml.org/lkml/2014/3/20/421 Use CVE-2014-2568. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJTK0KNAAoJEKllVAevmvms+UkH/jUSasHTIEdX1iRHqyVSpHjA b0PAYGAs7fZ3s/WtslGVEVaC7+ShGIK2wzxPWVe+6iM0WTPykzKyWmR8pOU8FKLD 2ChlkU/V9tKcU1IS+2TEAnX7VQO/bbftbl+HctKWQDSPg99/NuinO3oxPheaktbw 8OeH6X+mvPspKV0yRjJ8oKvfgExbmANKjE34U+vbxQH8g2H+JnU9qC1EGmpitOkk 0Aw5mXjK8rhhCbi8ehBegjB1cui8TmjpfJfI2RIBzaSNLPIbT82tAcnIPjDBY5x+ qwxvxkx0uJnt7bDS5ESPUNw2QIRyOQUIAwk4rBIA8fHIMOjPGzDAKEj+wqeN/6s= =vvFF -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ