Date: Fri, 13 Mar 2015 20:17:21 +0000 From: "Mehaffey, John" <John_Mehaffey@...tor.com> To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com> Subject: RE: CVE request: Linux kernel: tty: kobject reference leakage in tty_open Hi Greg, To me, it is more of an issue of tracking products which were designed and sold in the vulnerable timeframe, and may still embed these flaws. Most of the embedded market may not be vulnerable to this attack for other reasons, but a CVE would help to track it for the exceptions. A GENIVI head unit that uses logins to implement the IVI user concept comes to mind. Sincerely, John Mehaffey Linux System Architect Mentor Graphics ________________________________________ From: P J P [ppandit@...hat.com] Sent: Friday, March 13, 2015 11:00 AM To: oss security list Subject: [oss-security] CVE request: Linux kernel: tty: kobject reference leakage in tty_open -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, Linux kernel built with the virtual console support(CONFIG_VT) is vulnerable to a NULL pointer dereference issue. It could occur while accessing pseudo terminal device(/dev/pts/*) files. An unprivileged user could use this flaw to crash the system kernel resulting in DoS. Upstream fix: - ------------- -> https://git.kernel.org/linus/c290f8358acaeffd8e0c551ddcc24d1206143376 Thank you. - -- Prasad J Pandit / Red Hat Product Security Team 47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJVAyW3AAoJEN0TPTL+WwQfOCAP/3z7CRPQj4glHgVFdkxuzk1/ xlXwJJTRYlVDWe2F/lCbeP+jzQne37MzVl8Qma4OA2iAuySsRUQvjkc/6mMB6j+6 9LVg0XV6hlZl0oFmxcWbQlNQLuhJsHOPja863aNvKoDZbh6mVIGi98BOaBjeMQUd Y81pGh5+BFYVk6hhcWPA2Zxok/MW+HN/JjvDqQReILsL5ApqRAxw0EBmZ3YpWBYL oxdRUT2FoRTKB5FFEgm6KAQdTSc9iqnH/QUTE4/s5wMCy20lb6j9bIk7pKkE6VmA XLwtioC/ttNR/Npe2kPXHm3KG4MH8Uftjd3IYdtJeJ7vjjgmPY3jAZZm/dBECWRZ Q9waGh9k8t6pEhaCz4jql21m1uoHLritnrLuAz56dOfh3R6TS46QEKqf7IgaqZ41 psgQQKmX3gy9lyWoWdcWYgCvg5QJaW2lVotTTbCbSs/qfNmqJo2nMzTVL5UxTYic Adj0Y3KvrkIbAjEdyaNmwOMqH2pq8LUb87wDlD4DD7pRzZDFV6vzXA7wL5Za7VOr S8t3VvFfsMPUW+Y2zTdahWiGkgiQXxmFhaOC9KeSWFmgpxDQjJSPtdFdlRdu6gtX 9ZXd7JSkwcFPujAFJ4SHI67ilo1rnqh3n6HZqOtaKTQCn6L7Mnn3ht/vumkxQpbF qjvQJOX+4OcFRe025MOM =ZQtV -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.