Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 13 Nov 2012 16:21:19 +0100
From: Marcus Meissner <meissner@...e.de>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request -- Linux kernel: mm/hotplug:
	failure in propagating hot-added memory to other nodes

On Sun, Nov 11, 2012 at 12:19:13AM -0700, Kurt Seifried wrote:
> On 11/10/2012 02:36 PM, Petr Matousek wrote:
> > A NULL pointer dereference flaw has been found in the way a new
> > node's hot-added memory is propagated to other nodes zonelists. An
> > unprivileged local user can use this flaw to crash the system.
> > 
> > Upstream fix: 
> > http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=08dff7b7d629807dbb1f398c68dd9cd58dd657a1
> >
> >  References: https://bugzilla.redhat.com/show_bug.cgi?id=875374
> > 
> > Thanks,
> 
> Please use CVE-2012-5517 for this issue.

Our Mel Gorman wonders how this is a security issue.

A local attacker would need to wait for the administrator to hot-add
memory, which seems unlikely on first thought?

Ciao, Marcus

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.