Date: Mon, 17 Aug 2015 15:52:17 +0200
From: Jan Kara <jack@...e.cz>
To: oss-security@...ts.openwall.com
Subject: CVE-2015-5706: kernel: Use-after-free in path lookup

Hello,

when looking into a fix for the above CVE (commit f15133df088 in Linux kernel
git tree) I found out that the commit description is wrong and the problem
wasn't introduced by commit 60545d0d4610 in 3.11 but only by commit
5e53084d7734 "path_init(): store the "base" pointer to file in nameidata
itself" in 3.19. So the fix doesn't have to be backported all the way back to
3.11. For detailed analysis feel free to see:

https://bugzilla.suse.com/show_bug.cgi?id=940339

Honza
--
Jan Kara <jack@...e.com>
SUSE Labs, CR