Date: Wed, 6 Jan 2021 11:59:28 -0800 From: Anthony Liguori <aliguori@...zon.com> To: <oss-security@...ts.openwall.com> CC: <security@...nel.org>, <luolikang@...ocus.com> Subject: A security vulnerability in linux kernel 5.8.10 The following message was sent to the distros@ list. Unfortunate the sender was not responsive and it's unclear if it's actually an issue. The report overall did not follow the policies of the list with the information provided. Per the distros list policy, we've past the 14 day mark and even with a little extra time due to the holiday, this needs to be made public. Posting follows below. Regards, Anthony Liguori Subject: A security vulnerability in linux kernel 5.8.10 To: security@...nel.org Cc: linux-distros@...openwall.org Date: Fri, 18 Dec 2020 16:53:59 +0800 ¢þË: æ¢µ <luolikang@...ocus.com> ¢ÍÊ±ä: 2020ê12Â18Õ 13:23 Õ¼È: 'security@...nel.org' <security@...nel.org> ÷â: change the poc Sorry , please use this poc ¢þË: æ¢µ <luolikang@...ocus.com <mailto:luolikang@...ocus.com> > ¢ÍÊ±ä: 2020ê12Â18Õ 11:46 Õ¼È: 'security@...nel.org' <security@...nel.org <mailto:security@...nel.org> > ÷â: A security vulnerability in linux kernel 5.8.10 Hello, I have found a security vulnerability in linux kernel 5.8.10. When I use the DCCP protocol to establish a connection, the kernel will crash. My analysis are followed: When call the ___slab_alloc function, it will enter the new_slab branch, and the new_slab_objects will return a normal freelist, but in alloc_debug_processing, it will change the second object ptr in freelist to an invalid address,and then cause dos.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.