Date: Mon, 9 May 2016 10:53:39 -0700
From: Jann Horn <jannh@...gle.com>
To: oss-security@...ts.openwall.com
Cc: carnil@...ian.org, cve-assign@...re.org
Subject: Re: Re: CVE Requests: Linux: BPF flaws (one use-after-free / local root privilege escalation)

On Fri, May 6, 2016 at 8:40 AM, <cve-assign@...re.org> wrote:
>> bpf: fix check_map_func_compatibility logic
>> https://git.kernel.org/linus/6aff67c85c9e5a4bc99e5211c1bac547936626ca
>>
>> Not sure though if the later one has a security impact.
>
> We have not yet assigned a CVE ID to
> 6aff67c85c9e5a4bc99e5211c1bac547936626ca in case someone else wants to
> provide additional information.

I'm the original reporter of that bug. As far as I can tell, its impact is
low - you could use it to:

 - obtain the ability to execute BPF programs that are owned by other
   processes
 - perhaps cause a NULL dereference in an exiting task if the BPF program
   is executed in softirq context after exit_files() has nulled tsk->files