Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 17 Mar 2009 20:39:33 -0400 (EDT)
From: "Steven M. Christey" <>
cc: "Steven M. Christey" <>
Subject: Re: CVE request: kernel: inotify local DoS

Name: CVE-2009-0935
Status: Candidate
Reference: MLIST:[linux-kernel] 20090131 [patch 03/43] inotify: clean up inotify_read and fix locking
Reference: URL:
Reference: MLIST:[oss-security] 20090306 CVE request: kernel: inotify local DoS
Reference: URL:
Reference: CONFIRM:

The inotify_read function in the Linux kernel 2.6 before 2.6.29-rc3
allows local users to cause a denial of service (OOPS) via a read with
an invalid address to an inotify instance, which causes the device's
event list mutex to be unlocked twice and prevents proper
synchronization of a data structure for the inotify instance.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.