Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 27 Jul 2015 09:18:55 -0500
From: Tyler Hicks <tyhicks@...onical.com>
To: oss-security@...ts.openwall.com
Cc: David Howells <dhowells@...hat.com>,
	Colin Ian King <colin.king@...onical.com>, security@...ntu.com
Subject: Security issue in Linux Kernel Keyring (CVE-2015-1333)

While improving the system call coverage in stress-ng[1], Colin Ian King
discovered a bug in the Linux kernel keyring that can be used to cause a
local denial of service due to memory exhaustion when the same key is
repeatedly added to the kernel keyring via the add_key() syscall.

This issue has been assigned CVE-2015-1333.

I've attached the fix since I don't yet have an upstream git commit
hash.

Tyler

[1] http://kernel.ubuntu.com/~cking/stress-ng/

View attachment "CVE-2015-1333.patch" of type "text/x-diff" (1382 bytes)

Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ