Date: Fri, 6 May 2016 15:14:55 +0200
From: Salvatore Bonaccorso
To: OSS Security Mailinglist
Cc: Ben Hutchings
Subject: CVE Requests: Linux: BPF flaws (one use-after-free / local root
 privilege escalation)

A use-after-free flaw via double-fdput in bpf was recently fixed in
Linux. Details:

Fixed via:

And as well reported/forwarded in Debian:

Could you please assign a CVE for this issue?

The following two might as well warrant a CVE (Ben Hutchings CC'ed has
already applied those to the packaging repository in Debian):

bpf: fix refcnt overflow:

bpf: fix check_map_func_compatibility logic

Not sure though if the latter one has a security impact. The bug
allowed generic map functions to be applied to special map types
(program, perf events) that did not support them properly.

