Date: Wed, 4 Jul 2012 09:19:50 +0200 From: Petr Matousek <pmatouse@...hat.com> To: oss-security@...ts.openwall.com Subject: CVE Request -- kernel: epoll: can leak file descriptors when returning -ELOOP An epoll_ctl(,EPOLL_CTL_ADD,,) operation can return '-ELOOP' to prevent circular epoll dependencies from being created. However, in that case we do not properly clear the 'tfile_check_list'. An unprivileged local user could use this flaw to crash the system. Regression introduced via 28d82dc1c4edbc352129f97f4ca22624d1fe61de commit. Upstream fix: 13d518074a952d33d47c428419693f63389547e9 References: https://lkml.org/lkml/2012/3/27/65 https://lkml.org/lkml/2012/4/17/247 https://bugzilla.redhat.com/show_bug.cgi?id=837502 Thanks, -- Petr Matousek / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.