Date: Sat, 21 May 2016 19:21:56 +0800 From: Baozeng Ding <sploving1@...il.com> To: oss-security@...ts.openwall.com, cve-assign@...re.org Cc: richard.alpe@...csson.com Subject: CVE request: -- Linux kernel: Null pointer dereference in tipc_nl_publ_dump Hello, Without checking the pointer to the netlink socket attribute, it could cause a null pointer dereference when parsing the nested attributes in function tipc_nl_publ_dump. It allows local users to cause a denial of service. This vulnerability affects Linux kernel versions from 3.19 to 4.6. References: http://lists.openwall.net/netdev/2016/05/14/28 http://lists.openwall.net/netdev/2016/05/16/26 Fixed via: https://github.com/torvalds/linux/commit/45e093ae2830cd1264677d47ff9a95a71f5d9f9c Introduce by: https://github.com/torvalds/linux/commit/1a1a143daf84db95dd7212086042004a3abb7bc2 Could you please assign a CVE for this vulnerability? Thank you. Best Regards, Baozeng Ding, Alibaba Mobile Security Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ