Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 14 May 2014 12:16:16 -0400 (EDT)
From: cve-assign@...re.org
To: ppandit@...hat.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request Linux kernel: forbid uaddr == uaddr2 in futex_wait_requeue_pi() to avoid null dereference

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Linux kernel built with the fast userspace mutexes(CONFIG_FUTEX) support is
> vulnerable to a NULL pointer dereference flaw. It could occur when a waiting
> task requests wait to be re-queued from non-PI futex to a PI-aware futex via
> FUTEX_WAIT_REQUEUE_PI operation.
> 
> An unprivileged user/program could use this flaw to crash the system kernel
> resulting in DoS.
> 
> https://git.kernel.org/linus/6f7b0a2a5c0fb03be7c25bd1745baa50582348ef

Use CVE-2012-6647.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTc5Z5AAoJEKllVAevmvmsmSkH/0eNY313nX9uZpL0ODQFolgq
mNjz1UE8XJd9ZeQYamteDtZu7K4xJfiuqtlImbkBEZ8gCnXuDIwKNisgCnkbpolE
/X8OzQVR3HL/ZVOJhuKtjztMxZenyEIpVNwHFnPWMs2fbsTHYCBP53KdaA1kW1tY
EPZ19X0AroIpMBBh1suzTLcxkIJEOCghQ/2lledEvx05ok+dgTstwe2FJ16tyKX1
M+6WQLhts42Rlhf/07bAMTRf03UsMmeDr9gWLtVsX6JXvzXqYHEEUUIzyDLZQjA+
ezfp/vL6sp67fPj8uz0DKWaJl2dMBk7W6p7fZYed4a66SCsNCgptWxpDsi5IvxI=
=T8n3
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.