Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 13 Mar 2015 20:46:39 +0100
From: Greg KH <greg@...ah.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: Linux kernel: tty: kobject reference
 leakage in tty_open

On Fri, Mar 13, 2015 at 11:30:23PM +0530, P J P wrote:
>    Hello,
> 
> Linux kernel built with the virtual console support(CONFIG_VT) is vulnerable
> to a NULL pointer dereference issue. It could occur while accessing pseudo
> terminal device(/dev/pts/*) files.
> 
> An unprivileged user could use this flaw to crash the system kernel resulting
> in DoS.
> 
> Upstream fix:
> -------------
>    -> https://git.kernel.org/linus/c290f8358acaeffd8e0c551ddcc24d1206143376

Digging up patches from 2011?  Why?  It should have long-ago been
backported to all relevant kernel releases from any company that has a
kernel that is still supported today that is older than the 3.2 release
and newer than 2.6.28.

And if you are a company that is ignoring stable kernel patches for
their old kernel releases, well, that's just not very wise :)

What does asking for a CVE for such an old issue help with?

thanks,

greg k-h

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.