Date: Wed, 12 Oct 2016 07:57:36 +0200 From: Greg KH <greg@...ah.com> To: oss-security@...ts.openwall.com Cc: marco.gra@...il.com, cve-assign@...re.org Subject: Re: Re: linux kernel do_blockdev_direct_IO invalid memory access On Tue, Oct 11, 2016 at 12:27:08PM -0400, cve-assign@...re.org wrote: > > BUG: KASAN: wild-memory-access on address 0005080000000000 > > https://gist.github.com/marcograss/40850adb3c599ac38e0beac31617d56b > > > > int fd = open("./hurrdurr", O_APPEND|O_RDWR|0x40); > > fcntl(fd, 4, 0x44000, 0, 0, 0); > > fallocate(fd, 0, 0x21, 0xafa6); > > sendfile(fd, fd, &offset, 0x800); > > Use CVE-2016-8601. That was fast, and pointless, as the bug has never been in a -rc kernel release, and is currently fixed in Linus's tree. So please mark this CVE as "unused" or however you withdraw a CVE, as it doesn't affect anyone. thanks, greg k-h
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ