Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 28 Oct 2015 00:57:16 -0400 (EDT)
From: cve-assign@...re.org
To: quentin.casasnovas@...cle.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE-2015-6937 - Linux kernel - NULL pointer dereference in net/rds/connection.c

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

>> CVE-2015-6937 has been assigned to this issue that is exploitable "on
>> sockets that weren't properly bound before attempting to send a
>> message":
>>
>>   https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=74e98eb085889b0d2d4908f59f6e00026063014f
 
> The above fix is incomplete and still allows to trigger a NULL pointer
> dereference when sending a message.  The root cause of this problem is a
> race condition when checking that the socket is bound in rds_sendmsg(),
> more information and a complete fix can be found here:
> 
>   https://lkml.org/lkml/2015/10/16/530
> 
> It should hit Linus' tree soon but since distributions already started
> shipping the incomplete fix, ...

Use CVE-2015-7990 for the vulnerability that remains present after the
74e98eb085889b0d2d4908f59f6e00026063014f commit.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWMFSAAAoJEL54rhJi8gl5uLsQALnjDW0KqA0GdufltOgGh5oy
HhFSvZirdqBkB+tSGn2J18yHKSB0wmcdlnGHMOVjCMTIAQCK5LYR/PsBoSid4rn+
xCUnmh8+OoZEt8d5ukMVlOT6iQ6p/aqyoCnjMdRmEsK+lxVNb2Ew1OFAOvyYehWw
Lf3QK7CO66IRbcxAtHn+3AEVcA8mEJv/0fskIdiAEi3BVZ0u+V1SKjdwRivYmxV8
4yWi8EW/SVtZ7YEx64uOdWw8vJwo95YC4gVrkRBU4SYLF0W/b59+H/J2BRMzUHwG
N6JUUrvDA00yx4wOqJidqR1IVY/LaqohoF6AWBaQ8hczBK/mnUuObnPBBAjS3NxH
f/9g+E9R5QNBvFgzEImrC0fOYaKOmJqkb3zzIxrWAqMLcYiAehwpqp8NATEIhcQy
GoxqZIlUIkIZcLBFvmRoLX0fF5ZLuwCJSh9r91oOlNjVKPYSa2ZVSSbN6x2m8Sn8
/RyQBtxeFMgeymzF1XPCXJh17HCwpt4zYrZJf0Co6sbuatHw6FjyXLSnhNZ9DcLx
qgfqAVQwHw+xqquEioRhKlzRld/+xz6tgtseTTHk/Tcawx3slH9zTy2slQW745Rl
AcSLLCvlthPfhx3kNXjITaQ3WKaGTVsCHTuvhkxC2fyC6cAMYdPBDnuLMhZg6gKT
HCjDdydb6XKjWdCO12pV
=w9IK
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ