Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 18 Nov 2015 07:40:58 -0500 (EST)
From: cve-assign@...re.org
To: wmealing@...hat.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request - Linux kernel - Unix sockets use after free - peer_wait_queue prematurely freed

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://forums.grsecurity.net/viewtopic.php?f=3&t=4150

> https://lkml.org/lkml/2014/5/15/532
> eventpoll __list_del_entry corruption

> https://lkml.org/lkml/2013/10/14/424
> Re: epoll oops.

> http://www.spinics.net/lists/netdev/msg318826.html
> [PATCH net] af_unix: don't poll dead peers

> https://lkml.org/lkml/2015/9/13/195
> List corruption on epoll_ctl(EPOLL_CTL_DEL)
> AF_UNIX socket

> https://groups.google.com/forum/#!topic/syzkaller/3twDUI4Cpm8
> Use-after-free in ep_remove_wait_queue

> https://bugzilla.redhat.com/show_bug.cgi?id=1282688
> Unix sockets use after free - peer_wait_queue prematurely freed
>
> A flaw was found in the Linux kernel's implementation of Unix sockets(AF_UNIX). A
> server polling for data coming from a client socket may put the peer
> socket on a wait list. This peer may close the connection making
> the reference on the wait list no longer valid. A determined attacker
> could poison this memory and lead to bypassing permissions on a the socket,
> and packets being injected into the stream. This may also panic the machine.

Use CVE-2013-7446.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWTHAWAAoJEL54rhJi8gl5RAQQAKe8eoD2rfjGta3FfDkU9RUU
62Qx2Cdvggp2Z921D9KYzOnBBzEC0D5FkZDLBPEbrZQxrhIW4i6qdsEkJG5JvED6
cipsXz9VoIJtDhmfl2t16OmveEOk2Cu6U1qlJ3dnbXxLl3bH/Q/iP0fm18nSGR/Z
3NexudadJUobLvxtjbaama+s3J5OYa2TuXrAhBut9+gkACHvJW7Rt+25jTu8ziCD
ndJ+0UD9HOiJ/eJsXSyJ7MNvcVYdJdj8YkbWdEJPODpLyTEDGZ5eKIPbhwrImP/Q
7rXKqQXUe5mEiklwxKOCHdTjRbFRVajHpqMWj0nobXM+mCFNxzsIfzLQoeFSQv+I
hSNGj0R6Hi6NtIioKq4m3P3M9Vl7ZReZx+RquQvKXF3AAm5BkhnOrPkQZtvrEXV6
x5jDRxixLkQsvskwNevTfuwBQxEkZSl0kbvKTkDLudpvFZFDqv8aa8Qi2tOMH4ZP
Sh7y6v+TvNhaDs/VMb5LQRG2teI2b87lqaygSyBjQJA3F2o+zJWxSd1iR5hH/RR9
XVX0IdMX+4kxO2XDMBava9xmllF+K4ipEYiJKFWkng1zQVNKzoShu8h1CRQXVZ/6
Hw+LUrzN8eyf7O3uB3VyMOWqRBjXBNygoVjSKU8KMcCJc7xW3M0uYIuZRybrWmPA
zwOIRg/G/qOu1IOqKBzk
=lWXE
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ