Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 6 Jan 2021 11:59:28 -0800
From: Anthony Liguori <aliguori@...zon.com>
To: <oss-security@...ts.openwall.com>
CC: <security@...nel.org>, <luolikang@...ocus.com>
Subject: A security vulnerability in linux kernel 5.8.10

The following message was sent to the distros@ list.  Unfortunate the
sender was not responsive and it's unclear if it's actually an issue.
The report overall did not follow the policies of the list with the
information provided.

Per the distros list policy, we've past the 14 day mark and even with a
little extra time due to the holiday, this needs to be made public.

Posting follows below.

Regards,

Anthony Liguori

Subject: A security vulnerability in linux kernel 5.8.10
To: security@...nel.org
Cc: linux-distros@...openwall.org
Date: Fri, 18 Dec 2020 16:53:59 +0800

¢þË: 梵 <luolikang@...ocus.com> 
¢Íʱä: 2020ê12Â18Õ 13:23
Õ¼È: 'security@...nel.org' <security@...nel.org>
։: change the poc

Sorry , please use this poc

¢þË: 梵 <luolikang@...ocus.com <mailto:luolikang@...ocus.com> > 
¢Íʱä: 2020ê12Â18Õ 11:46
Õ¼È: 'security@...nel.org' <security@...nel.org
<mailto:security@...nel.org> >
։: A security vulnerability in linux kernel 5.8.10

Hello,
I have found a security vulnerability in linux kernel 5.8.10. When I use the
DCCP protocol to establish a connection, the kernel will crash.

My analysis are followed: When call the  ___slab_alloc function, it will
enter the new_slab branch, and the new_slab_objects will return a normal
freelist, but in  alloc_debug_processing, it will change the second object
ptr in freelist to an invalid address,and then cause dos.


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.