Date: Wed, 14 May 2014 18:41:14 +0530 (IST) From: P J P <ppandit@...hat.com> To: oss security list <oss-security@...ts.openwall.com> Subject: CVE request Linux kernel: forbid uaddr == uaddr2 in futex_wait_requeue_pi() to avoid null dereference Hello, Linux kernel built with the fast userspace mutexes(CONFIG_FUTEX) support is vulnerable to a NULL pointer dereference flaw. It could occur when a waiting task requests wait to be re-queued from non-PI futex to a PI-aware futex via FUTEX_WAIT_REQUEUE_PI operation. An unprivileged user/program could use this flaw to crash the system kernel resulting in DoS. Upstream fix: ------------- -> https://git.kernel.org/linus/6f7b0a2a5c0fb03be7c25bd1745baa50582348ef Introduced in: -------------- -> https://git.kernel.org/linus/52400ba946759af28442dee6265c5c0180ac7122 Thank you. -- Prasad J Pandit / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.