Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 2 Mar 2016 17:55:48 -0600
From: Tyler Hicks <>
Cc: Miklos Szeredi <>,
	Colin Ian King <>,
Subject: CVE-2015-1339: Linux Kernel: memory exhaustion via CUSE driver

Colin Ian King discovered a kernel memory leak in the CUSE driver using
stress-ng. A local denial of service, via memory exhaustion, is possible
if the attacker has sufficient privileges to repeatedly open /dev/cuse
for reading.

In Ubuntu, /dev/cuse is only readable by root so this flaw was deemed to
have a very low impact. I'm unsure of the default permissions in other

CVE-2015-1339 was assigned to the issue.

Introduced in 4.2:
Fixed in 4.4:


Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.