Date: Sat, 2 May 2015 18:31:12 +0800
From: Wen Xu <>
Subject: CVE request for a fixed bug existed in all versions of linux kernel
 from KeenTeam

Recently we found a use-after-free bug which can lead to kernel arbitrary
execution in the Linux kernel.
The bug was reported to the Linux security group and it has been fixed (commit
a134f083e79f ("ipv4: Missing sk_nulls_node_init() in ping_unhash()")). You
can find the fix commit here:
The bug exists in all versions of the Linux kernel. The credit goes to Wen Xu
and wushi of KeenTeam.
I am looking forward to your reply.

Wen Xu @ Keen Team

---------- Forwarded message ----------
From: Willy Tarreau <>
Date: 2015-05-02 15:43 GMT+08:00
Subject: Re: Socket Vulnerability Report (Lead to kernel arbitrary
execution) from KeenTeam
To: Wen Xu <>
Cc: Linus Torvalds <>, David Miller <>, "" <>

On Sat, May 02, 2015 at 02:50:32PM +0800, Wen Xu wrote:
> Many thanks, we've already seen the patch commit ;)
> By the way, as security researchers, if we want a CVE number for this ping
> socket bug, where could we request for? What's the routine process for

Now that the fix is public, you should ask oss-security, someone there
should provide you with one.

