Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 18 Nov 2015 10:14:52 +0100
From: Mathias Krause <minipli@...glemail.com>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: Re: CVE request - Linux kernel - Unix sockets use
 after free - peer_wait_queue prematurely freed

On 18 November 2015 at 08:57, Wade Mealing <wmealing@...hat.com> wrote:
> [...]
>
> Original discussion:
> - https://groups.google.com/forum/#!topic/syzkaller/3twDUI4Cpm8

Just for reference... There was an independent discovery earlier this
year, tracked in [1]. Even earlier discoveries ([2,3]) missed the
connection to AF_UNIX. [1] eventually lead to the incomplete patch [4]
and, after multiple non-public ineffective attempts on fixing the
issue, to the netdev posting [5]. That's where Jason and Rainer
started to post patches fixing the issue. However, none of the patches
has been applied yet.


Thanks,
Mathias

[1] https://forums.grsecurity.net/viewtopic.php?f=3&t=4150
[2] https://lkml.org/lkml/2014/5/15/532
[3] https://lkml.org/lkml/2013/10/14/424
[4] http://www.spinics.net/lists/netdev/msg318826.html
[5] https://lkml.org/lkml/2015/9/13/195

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.