Date: Wed, 2 Mar 2016 17:55:48 -0600
From: Tyler Hicks <tyhicks@...onical.com>
To: oss-security@...ts.openwall.com
Cc: Miklos Szeredi <miklos@...redi.hu>, Colin Ian King <colin.king@...onical.com>, security@...ntu.com
Subject: CVE-2015-1339: Linux Kernel: memory exhaustion via CUSE driver

Colin Ian King discovered a kernel memory leak in the CUSE driver using stress-ng. A local denial of service, via memory exhaustion, is possible if the attacker has sufficient privileges to repeatedly open /dev/cuse for reading.

In Ubuntu, /dev/cuse is only readable by root so this flaw was deemed to have a very low impact. I'm unsure of the default permissions in other distributions.

CVE-2015-1339 was assigned to the issue.

Introduced in 4.2:
https://git.kernel.org/linus/cc080e9e9be16ccf26135d366d7d2b65209f1d56

Fixed in 4.4:
https://git.kernel.org/linus/2c5816b4beccc8ba709144539f6fdd764f8fa49c

Tyler
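The two conditions the message names (an upstream kernel between 4.2 and 4.4, and non-root read access to /dev/cuse) can be checked per host. The script below is an added example, not part of the original message or of any distribution's tooling; the function names, the verdict strings and the `--host` switch are assumptions made for illustration, and the version test ignores distribution backports.

```shell
#!/bin/sh
# Added example, not from the advisory. Upstream range per the advisory:
# introduced in 4.2, fixed in 4.4. Distribution kernels may carry a backported
# fix, so the version test is an assumption; ACLs and containers that were
# handed the device are not considered.

# kernel_in_range RELEASE: 0 if 4.2 <= version < 4.4, 1 if outside, 2 if unparseable
kernel_in_range() {
    ver=${1%%-*}                      # drop distro suffix, e.g. "-16-generic"
    major=${ver%%.*}; rest=${ver#*.}; minor=${rest%%.*}
    case $major in ""|*[!0-9]*) return 2 ;; esac
    case $minor in ""|*[!0-9]*) return 2 ;; esac
    [ "$major" -eq 4 ] && [ "$minor" -ge 2 ] && [ "$minor" -lt 4 ]
}

# nonroot_readable MODE OWNER GROUP: 0 if a non-root user may open for reading
nonroot_readable() {
    case $1 in ""|*[!0-7]*) return 2 ;; esac
    m=$((0$1))                        # octal mode string -> integer
    [ $((m & 4)) -ne 0 ] && return 0                          # world-readable
    [ $((m & 32)) -ne 0 ] && [ "$3" != root ] && return 0     # non-root group
    [ $((m & 256)) -ne 0 ] && [ "$2" != root ] && return 0    # non-root owner
    return 1
}

# cuse_exposure RELEASE MODE OWNER GROUP: prints one verdict word
cuse_exposure() {
    rc=0; kernel_in_range "$1" || rc=$?
    case $rc in
        1) echo not-in-upstream-range; return 0 ;;
        2) echo unknown-kernel; return 0 ;;
    esac
    rc=0; nonroot_readable "$2" "$3" "$4" || rc=$?
    case $rc in 0) echo exposed ;; 1) echo root-only ;; *) echo unknown-mode ;; esac
}

# check_host: apply the check to the running system
check_host() {
    [ -e /dev/cuse ] || { echo no-device; return 0; }
    set -- $(stat -c '%a %U %G' /dev/cuse)    # GNU coreutils stat
    cuse_exposure "$(uname -r)" "$1" "$2" "$3"
}

if [ "${1:-}" = --host ]; then check_host; fi
```

A verdict of `root-only` matches the Ubuntu situation described in the message; `exposed` means an unprivileged account can reach the leaking open path on an in-range upstream kernel.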