Date: Thu, 17 Sep 2015 20:54:20 +0200 From: Marcus Meissner <meissner@...e.de> To: Steve Dickson <SteveD@...hat.com> Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, Olaf Kirch <okir@...e.de> Subject: Re: CVE Request: remote triggerable use-after-free in rpcbind On Thu, Sep 17, 2015 at 02:51:26PM -0400, Steve Dickson wrote: > > > On 09/17/2015 12:20 PM, cve-assign@...re.org wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA256 > > > >> http://www.spinics.net/lists/linux-nfs/msg53045.html > >> https://bugzilla.suse.com/show_bug.cgi?id=946204 > > > >> frees the netbuf caller_addr and caller_addr.buf. However, it does not > >> clear xp_rtaddr, so xp_rtaddr.buf now refers to memory region A, which > >> is free. > >> > >> ... It will reuse the buffer inside xp_rtaddr > > > > Use CVE-2015-7236. > Will there be a bz opened up? Where should I open it? kernel.org? Ciao, Marcus
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ