Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20140217085857.GF23689@dhcp-25-225.brq.redhat.com>
Date: Mon, 17 Feb 2014 09:58:58 +0100
From: Petr Matousek <pmatouse@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2014-0069 -- kernel: cifs: incorrect handling of bogus user
 pointers during uncached writes

A flaw was found in the way cifs handled iovecs with bogus pointers
userland passed down via writev() during uncached writes.

An unprivileged local user with access to cifs share could use this flaw
to crash the system or leak kernel memory. Privilege escalation cannot
be ruled out (since memory corruption is involved), but is unlikely.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0069

Upstream patch:

Patches have been reported to the linux-cifs mailing list:

http://article.gmane.org/gmane.linux.kernel.cifs/9401
http://article.gmane.org/gmane.linux.kernel.cifs/9402

Only the first patch is required to fix the flaw.  The second patch is
to ensure that this does not get hit again in the future by adding
extra protection. 

Thanks,
-- 
Petr Matousek / Red Hat Security Response Team
PGP: 0xC44977CA 8107 AF16 A416 F9AF 18F3  D874 3E78 6F42 C449 77CA

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.