Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 11 Apr 2014 11:08:19 -0400 (EDT)
From: cve-assign@...re.org
To: pmatouse@...hat.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request -- Linux kernel: net: ping: refcount issue in ping_init_sock() function

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> A flaw was found in the way ping_init_sock() function handled
> group_info struct reference counter. Since group_info refcounter is
> only incremented but never decremented in this codepath, it could lead
> to refcounter overflow and possibly to use-after-free issue later.
> 
> An unprivileged local user could use this flaw to crash the system or,
> potentially, escalate their privileges on the system.
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=1086730
> 
> https://lkml.org/lkml/2014/4/10/736 (not yet available at
> http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/net/ipv4/ping.c)

Use CVE-2014-2851.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTSATmAAoJEKllVAevmvmsTB4H+wRZGJdbJ9LUbFivCT1FQyze
Qj3SMrvu8R9K3dX1RU5iBQk1JDo9tdI8lFVm17JA7HXxVMi/wnivyxLHeNHN8oS1
HfMKc+nL+4mbizPyw+qAhpntgjmy5MuMHAv6C7/cQPHPX25gI1bc/SKhoAaUiHCT
iRk5IxwC3VjXD3RhCAjZ2giVvjCVXqkbLmuEFz8SEVx2oMnI+X1mR7tRETjD5lxK
G/kR5/nrobA0p5Kg0q/VAa37aoruxkUsSwTz5LWyHgqxfQALKO2UfPZZYD5/TMxn
ZkFXv9qLyzuMeWqnX/QDfv30AyBMcpP11h0+TJ4n5ZTnwaNRDu0AYaZTVRWu61Q=
=N7gK
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ