Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 11 Oct 2016 12:27:08 -0400 (EDT)
From: cve-assign@...re.org
To: marco.gra@...il.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: linux kernel do_blockdev_direct_IO invalid memory access

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> BUG: KASAN: wild-memory-access on address 0005080000000000
> https://gist.github.com/marcograss/40850adb3c599ac38e0beac31617d56b
> 
>   int fd = open("./hurrdurr", O_APPEND|O_RDWR|0x40);
>   fcntl(fd, 4, 0x44000, 0, 0, 0);
>   fallocate(fd, 0, 0x21, 0xafa6);
>   sendfile(fd, fd, &offset, 0x800);

Use CVE-2016-8601.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJX/RJEAAoJEHb/MwWLVhi2yj0P/2qJJyACywfMz3qISvkHem8T
8vS2DrjBIC2LWMFAJZUuoI0qoA4sZ5B6MQKPEEbDE9F0GSwRWXMeddl1xjpEyhh1
BwVYgfRfjYZIdgo6HQnlP4BiFlArELn6PZqLxbP0JqvOVrdWKrI0Snw8oyV5KoO1
+oSbgpTiYIVsxfolgbk/LSSEuv7w+1KZMQGVmEpUt5aerASDbFlOYLRnXbgThaM9
BYjjpfYGJ7iC4F+MUwCOLH8BUw0QMQsUJ33AgjVvpCa9d/XajJN44ToBYfNghOYq
cGKUOtB7P6abUxVYPJWFWT7Hyn3d/OBsY4tE5Rx6yTfNg7z6MFjhdzhy92QclbqA
jJnKGvNSjUXoiBKh3SqZ/bL8pLlzVvXxkW8sjLlfIcKP8VicGRQtV7gphQnb6MXK
2rEp1qlTbNmyvnJ6HCLa83XjuYs81ngOzU3vXJ7BDhh0V5vLvyN1hwg9b+V4kL3A
6yrACwIWOwxyAvUaXLUn+jAO1LWIKmWYOf7ok1xbSNhRlD/x2/RON+CR05S7jEX9
QXTibJFWYNbslLPSYhgDSR7j8lLgbRmlppl/SFP5TBDeYB+FyvtnHCdRen/XCvZQ
mEN+1cBwmQ48w2X/gE8ZI957LCnWzJsbwFdrj9ECueVgf/P0vfE/4isxVsgbnOPe
ALHNeskNgkbeDnKt5ymx
=wgdQ
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ