Date: Mon, 27 Jul 2015 09:18:55 -0500 From: Tyler Hicks <tyhicks@...onical.com> To: oss-security@...ts.openwall.com Cc: David Howells <dhowells@...hat.com>, Colin Ian King <colin.king@...onical.com>, security@...ntu.com Subject: Security issue in Linux Kernel Keyring (CVE-2015-1333) While improving the system call coverage in stress-ng, Colin Ian King discovered a bug in the Linux kernel keyring that can be used to cause a local denial of service due to memory exhaustion when the same key is repeatedly added to the kernel keyring via the add_key() syscall. This issue has been assigned CVE-2015-1333. I've attached the fix since I don't yet have an upstream git commit hash. Tyler  http://kernel.ubuntu.com/~cking/stress-ng/ View attachment "CVE-2015-1333.patch" of type "text/x-diff" (1382 bytes) Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ