Date: Mon, 9 May 2016 10:53:39 -0700 From: Jann Horn <jannh@...gle.com> To: oss-security@...ts.openwall.com Cc: carnil@...ian.org, cve-assign@...re.org Subject: Re: Re: CVE Requests: Linux: BPF flaws (one use-after-free / local root privilege escalation) On Fri, May 6, 2016 at 8:40 AM, <cve-assign@...re.org> wrote: >> bpf: fix check_map_func_compatibility logic >> https://git.kernel.org/linus/6aff67c85c9e5a4bc99e5211c1bac547936626ca >> >> Not sure though if the later one has a security impact. > > We have not yet assigned a CVE ID to > 6aff67c85c9e5a4bc99e5211c1bac547936626ca in case someone else wants to > provide additional information. I'm the original reporter of that bug. As far as I can tell, its impact is low - you could use it to: - obtain the ability to execute BPF programs that are owned by other processes - perhaps cause a NULL dereference in an exiting task if the BPF program is executed in softirq context after exit_files() has nulled tsk->files
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.