Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 19 Jan 2009 11:40:37 +0000 (GMT)
From: Mark J Cox <mjc@...hat.com>
To: oss-security@...ts.openwall.com
cc: "Steven M. Christey" <coley@...us.mitre.org>
Subject: CVE-2009-0031 kernel: local denial of service in
 keyctl_join_session_keyring

According to upstream commit 0d54ee1c7850a954026deec4cd4885f331da35cc 
"security: introduce missing kfree" there is a missing kfree in 
keyctl_join_session_keyring.

It looks like a local user could eventually cause a DoS by using up kernel 
memory, so I assigned this CVE-2009-0031.

http://git2.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0d54ee1c7850a954026deec4cd4885f331da35cc

Thanks, Mark
--
Mark J Cox / Red Hat Security Response Team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.