Date: Fri, 6 May 2016 15:14:55 +0200
From: Salvatore Bonaccorso <carnil@...ian.org>
To: OSS Security Mailinglist <oss-security@...ts.openwall.com>
Cc: Ben Hutchings <benh@...ian.org>
Subject: CVE Requests: Linux: BPF flaws (one use-after-free / local root
 privilege escalation)

A use-after-free flaw via double-fdput in bpf was recently fixed in
Linux. Details:

https://bugs.chromium.org/p/project-zero/issues/detail?id=808

Fixed via:
https://git.kernel.org/linus/8358b02bf67d3a5d8a825070e1aa73f25fb2e4c7

And as well reported/forwarded in Debian:
https://bugs.debian.org/823603

Could you please assign a CVE for this issue?

The following two might as well warrant a CVE (Ben Hutchings CC'ed has
already applied those to the packaging repository in Debian):

bpf: fix refcnt overflow:
https://git.kernel.org/linus/92117d8443bc5afacc8d5ba82e541946310f106e

bpf: fix check_map_func_compatibility logic
https://git.kernel.org/linus/6aff67c85c9e5a4bc99e5211c1bac547936626ca

Not sure though if the latter one has a security impact. The bug
allowed generic map functions to be applied to special map types
(program, perf events) that did not support them properly.

Regards,
Salvatore
