Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 17 Aug 2015 23:45:55 -0400 (EDT)
From: Wade Mealing <wmealing@...hat.com>
To: OSS Security List <oss-security@...ts.openwall.com>
Cc: cve-assign@...re.org
Subject: CVE request: linux kernel:fd leak in vhost ioctl VHOST_SET_LOG_FD

Gday,

I'd like to request a CVE for the following issue:

A flaw was found in the way Linux kernel's vhost driver treated userspace
provided log fd while processing VHOST_SET_LOG_FD ioctl command. A
privileged local user with access to the /dev/vhost-net files.  The
provided descriptor would never be released and consume kernel memory.

Usually this /dev/vhost-net file(s) have write access with
root permissions but applications may access it with privileged 
access through libvirt or other virtualisation.

A file descriptor may waste memory for each VHOST_SET_LOG_FD command issued, eventually
wasting available system resources creating a denial of service.

Thanks,

Wade Mealing
Red Hat Product Security

Patch:
https://lkml.org/lkml/2015/8/10/375

Bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=1251839

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.