Date: Mon, 16 Nov 2015 11:16:15 -0200 From: Fabio Olive Leite <fleite@...hat.com> To: oss-security@...ts.openwall.com Subject: Re: CVE request-HUAWEI P8 GRA-UL00 On Monday 16 November 2015 15:56:52 Solar Designer wrote: > It is unclear whether this makes the vulnerability detail ... Is it really a vulnerability? All the code does is read 4 bytes from a proc file, and reads that into address 0 in the process, which will very likely kill it unless that page is mapped somehow, which the code does not make any attempt to. Is the OP mistaking a crashed userlevel process with a system-wide crash? Cheers, -- Fábio Olivé Leite, Red Hat Product Security F1C1 1876 3922 1906 6631 0C31 92A5 9276 250D 8380 Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ