Date: Wed, 24 Mar 2010 09:40:58 +0800 From: Eugene Teo <eugene@...hat.com> To: oss-security@...ts.openwall.com CC: "Steven M. Christey" <coley@...us.mitre.org> Subject: Re: CVE requests 6x kernel vulns still pending >> 3) kernel: NFS DoS related to "automount" symlinks > > What exactly is the DoS that happens here? NULL pointer dereference. >> 5) kernel: NFS: Fix an Oops when truncating a file > > I assume that nfs_wait_on_request() can be influenced by a non-root user > to generate the interrupt that triggers the Ooops? If the non-root user kills the task while truncating the file, this could lead to the existence of unmapped pages that still have an attached nfs_page structure in page->private. nfs_wb_page_cancel() waits for I/O to complete, and when it completes, it will find itself with an unmapped page and oops. > All of these will be filled in sometime Wednesday. > > - Steve Thanks! Eugene -- Eugene Teo / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.