Date: Sun, 15 May 2016 19:05:54 +0800 From: Baozeng Ding <sploving1@...il.com> To: oss-security@...ts.openwall.com, cve-assign@...re.org Cc: g.nault@...halink.fr Subject: Re: CVE Requests: Linux: use-after-free issue for ppp channel It was introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=273ec51dd7ceaa76e038875d85061ec856d8905e Fixed in linux-stable 4.5.4 and longterm 3.2.80, 3.12.59, 3.14.69, 3.16.35, 4.4.10. On 2016/5/11 23:37, Baozeng Ding wrote: > Hi all, > The ppp channel did not take reference on its network namespace > when it was registered and unregistered, which causes a use-after-free > issue. Details: > https://lkml.org/lkml/2016/3/17/569 > Fixed via: > https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1f461dcdd296eecedaffffc6bae2bfa90bd7eb89 > > > Could you please assign a CVE for this issue? Thanks. > > Best Regards, > Baozeng
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ