Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 14 May 2014 12:16:16 -0400 (EDT)
From: cve-assign@...re.org
To: ppandit@...hat.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request Linux kernel: forbid uaddr == uaddr2 in futex_wait_requeue_pi() to avoid null dereference

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Linux kernel built with the fast userspace mutexes(CONFIG_FUTEX) support is
> vulnerable to a NULL pointer dereference flaw. It could occur when a waiting
> task requests wait to be re-queued from non-PI futex to a PI-aware futex via
> FUTEX_WAIT_REQUEUE_PI operation.
> 
> An unprivileged user/program could use this flaw to crash the system kernel
> resulting in DoS.
> 
> https://git.kernel.org/linus/6f7b0a2a5c0fb03be7c25bd1745baa50582348ef

Use CVE-2012-6647.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTc5Z5AAoJEKllVAevmvmsmSkH/0eNY313nX9uZpL0ODQFolgq
mNjz1UE8XJd9ZeQYamteDtZu7K4xJfiuqtlImbkBEZ8gCnXuDIwKNisgCnkbpolE
/X8OzQVR3HL/ZVOJhuKtjztMxZenyEIpVNwHFnPWMs2fbsTHYCBP53KdaA1kW1tY
EPZ19X0AroIpMBBh1suzTLcxkIJEOCghQ/2lledEvx05ok+dgTstwe2FJ16tyKX1
M+6WQLhts42Rlhf/07bAMTRf03UsMmeDr9gWLtVsX6JXvzXqYHEEUUIzyDLZQjA+
ezfp/vL6sp67fPj8uz0DKWaJl2dMBk7W6p7fZYed4a66SCsNCgptWxpDsi5IvxI=
=T8n3
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ