Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 29 May 2015 16:19:30 -0700
From: Andy Lutomirski <>
Subject: Re: CVE request Linux kernel: ns: user namespaces panic

On 05/29/2015 09:35 AM, P J P wrote:
>     Hello,
> Linux kernel built with the user namespaces support(CONFIG_USER_NS) is
> vulnerable to a NULL pointer dereference flaw. It could occur when users
> in user namespaces do unmount mounts.
> An unprivileged user could use this flaw to crash the system resulting
> in DoS.
> Upstream fixes:
> ---------------
>    ->
>    ->
> It was introduced by:
> ---------------------
>    ->
> Thank you Drew Fisher for reporting this issue to Fedora Security Team.

To clarify further: this is a regression in Linux 4.0.2 and will be 
fixed in Linux 4.0.5.  It has been independently reported by at least 
Kenton Varda and Alexander Larsson.  I think that Eric Biederman also 
reported it to linux-stable at some point.


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ