Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <2e838ffb-2a57-79ff-812c-3baf554e22f9@redhat.com>
Date: Mon, 8 Aug 2022 17:58:17 +0200
From: David Hildenbrand <david@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without
 write permissions

On 08.08.22 09:18, David Hildenbrand wrote:
> Hi,
> 
> I found a security issue (CVE-2022-2590) in the Linux kernel similar to
> Dirty COW (CVE-2016-5195), however, restricted to shared memory (shmem /
> tmpfs). I notified distributions one week ago and the embargo ended today.

I forgot to add an important part: Nadav Amit raised [1] that the dirty
bit is possibly problematic and essentially participated to the
discovery of this security issue.

s/I found/Nadav and I found/

Credit where credit is due.

[1] https://lore.kernel.org/all/20220619233449.181323-4-namit@vmware.com/

-- 
Thanks,

David / dhildenb

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.