Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 28 Jul 2015 12:26:33 -0500
From: Tyler Hicks <tyhicks@...onical.com>
To: oss-security@...ts.openwall.com
Cc: David Howells <dhowells@...hat.com>,
	Colin Ian King <colin.king@...onical.com>, security@...ntu.com
Subject: Re: Security issue in Linux Kernel Keyring
 (CVE-2015-1333)

On 2015-07-27 09:18:55, Tyler Hicks wrote:
> While improving the system call coverage in stress-ng[1], Colin Ian King
> discovered a bug in the Linux kernel keyring that can be used to cause a
> local denial of service due to memory exhaustion when the same key is
> repeatedly added to the kernel keyring via the add_key() syscall.
> 
> This issue has been assigned CVE-2015-1333.

mancha pinged me on IRC while trying to figure out what kernel versions
are affected and I realized that I forgot to include an import detail in
my original email.

The following commit introduced the issue:

  commit 034faeb9ef390d58239e1dce748143f6b35a0d9b
  Date:   Wed Oct 30 11:15:24 2013 +0000
  
      KEYS: Fix keyring quota misaccounting on key replacement and unlink

Which means that v3.13 and newer kernels are affected:

  $ git describe --contains 034faeb9ef390d58239e1dce748143f6b35a0d9b
  v3.13-rc1~18^2~6^2~2

Tyler

Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.