Date: Thu, 22 Jan 2015 23:05:35 -0500 (EST)
From: Wade Mealing <>
To:, OSS Security List <>
Subject: CVE Request: Linux kernel - Denial of service in notify_change for

I'd like to request a CVE for an issue brought up on this list on Jan 17th 2015.  I did not
see one created for this issue titled:

"Re: [RFC PATCH RESEND] vfs: Move security_inode_killpriv() after permission checks"

This issue can be classified as a denial of service.


[wmealing]$ ping -c1
PING ( 56(84) bytes of data.
64 bytes from ( icmp_seq=1 ttl=51 time=14.1 ms
--- ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 14.162/14.162/14.162/0.000 ms

[wmealing]$ chown root:root /usr/bin/ping
chown: changing ownership of ‘/usr/bin/ping’: Operation not permitted

[wmealing]$ ping
ping: icmp open socket: Operation not permitted

This can cause a denial of service for applications which use the capabilities subsystem such as
piranha (arping), netconsole (arping), some kdump implementations, etc.

Thank you.

Wade Mealing -- Red Hat Product Security
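
A check for the symptom shown in the message (ping failing after a rejected chown), as an added example that is not part of the original post: it decodes a file's security.capability extended attribute, where Linux stores file capabilities, and reports required capabilities missing from the permitted set. The sample xattr bytes and the expectation that ping carries CAP_NET_RAW are assumptions made for illustration.

```python
import errno
import os
import struct

VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
# Revision magic -> number of 32-bit (permitted, inheritable) pairs.
_REVISION_WORDS = {0x01000000: 1, 0x02000000: 2, 0x03000000: 2}
CAP_NET_RAW = 13  # value from linux/capability.h
# Constructed sample: revision 2 xattr granting cap_net_raw with the effective flag.
SAMPLE_INTACT = struct.pack("<5I", 0x02000001, 1 << CAP_NET_RAW, 0, 0, 0)


def parse_vfs_caps(blob):
    """Decode a security.capability xattr into permitted/inheritable bitmasks."""
    if len(blob) < 4:
        raise ValueError("xattr too short")
    (magic,) = struct.unpack_from("<I", blob, 0)
    words = _REVISION_WORDS.get(magic & VFS_CAP_REVISION_MASK)
    if words is None or len(blob) < 4 + 8 * words:
        raise ValueError("unknown revision or truncated xattr")
    permitted = inheritable = 0
    for i in range(words):
        p, inh = struct.unpack_from("<II", blob, 4 + 8 * i)
        permitted |= p << (32 * i)
        inheritable |= inh << (32 * i)
    return {"permitted": permitted, "inheritable": inheritable,
            "effective": bool(magic & VFS_CAP_FLAGS_EFFECTIVE)}


def missing_caps(blob, required):
    """Required capability numbers absent from the permitted set.
    blob=None means the file has no security.capability xattr at all."""
    permitted = parse_vfs_caps(blob)["permitted"] if blob else 0
    return [c for c in required if not (permitted >> c) & 1]


def read_cap_xattr(path):
    """Raw xattr bytes, or None when the file carries no file capabilities."""
    try:
        return os.getxattr(path, "security.capability")
    except OSError as e:
        if e.errno == errno.ENODATA:
            return None
        raise


if __name__ == "__main__":
    # Assumption: this host expects /usr/bin/ping to hold CAP_NET_RAW.
    lost = missing_caps(read_cap_xattr("/usr/bin/ping"), [CAP_NET_RAW])
    print("ping is missing capabilities:" if lost else "ping capabilities intact", lost)
```

Run against a baseline of binaries known to ship with file capabilities, a non-empty result after a failed chown or chmod points at the stripped-xattr condition.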
