Date: Mon, 27 Jul 2015 09:18:55 -0500 From: Tyler Hicks <tyhicks@...onical.com> To: oss-security@...ts.openwall.com Cc: David Howells <dhowells@...hat.com>, Colin Ian King <colin.king@...onical.com>, security@...ntu.com Subject: Security issue in Linux Kernel Keyring (CVE-2015-1333) While improving the system call coverage in stress-ng, Colin Ian King discovered a bug in the Linux kernel keyring that can be used to cause a local denial of service due to memory exhaustion when the same key is repeatedly added to the kernel keyring via the add_key() syscall. This issue has been assigned CVE-2015-1333. I've attached the fix since I don't yet have an upstream git commit hash. Tyler  http://kernel.ubuntu.com/~cking/stress-ng/ View attachment "CVE-2015-1333.patch" of type "text/x-diff" (1382 bytes) Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.