Date: Sun, 15 May 2016 19:05:54 +0800 From: Baozeng Ding <sploving1@...il.com> To: oss-security@...ts.openwall.com, cve-assign@...re.org Cc: g.nault@...halink.fr Subject: Re: CVE Requests: Linux: use-after-free issue for ppp channel It was introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=273ec51dd7ceaa76e038875d85061ec856d8905e Fixed in linux-stable 4.5.4 and longterm 3.2.80, 3.12.59, 3.14.69, 3.16.35, 4.4.10. On 2016/5/11 23:37, Baozeng Ding wrote: > Hi all, > The ppp channel did not take reference on its network namespace > when it was registered and unregistered, which causes a use-after-free > issue. Details: > https://lkml.org/lkml/2016/3/17/569 > Fixed via: > https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1f461dcdd296eecedaffffc6bae2bfa90bd7eb89 > > > Could you please assign a CVE for this issue? Thanks. > > Best Regards, > Baozeng
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.