Date: Mon, 19 Jan 2009 11:40:37 +0000 (GMT) From: Mark J Cox <mjc@...hat.com> To: oss-security@...ts.openwall.com cc: "Steven M. Christey" <coley@...us.mitre.org> Subject: CVE-2009-0031 kernel: local denial of service in keyctl_join_session_keyring According to upstream commit 0d54ee1c7850a954026deec4cd4885f331da35cc "security: introduce missing kfree" there is a missing kfree in keyctl_join_session_keyring. It looks like a local user could eventually cause a DoS by using up kernel memory, so I assigned this CVE-2009-0031. http://git2.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0d54ee1c7850a954026deec4cd4885f331da35cc Thanks, Mark -- Mark J Cox / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.