Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <CAG48ez04TXacCC8-PSw_gHofAux6tfxXBU6EMGpoqL=KzevKuw@mail.gmail.com>
Date: Mon, 29 Apr 2019 14:56:06 -0400
From: Jann Horn <jannhorn@...glemail.com>
To: oss-security@...ts.openwall.com
Subject: Linux kernel: multiple issues

Here are several issues that became public somewhat recently:

== page->_refcount overflow via FUSE with ~140GiB RAM usage ==
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6b3a707736301c2128ca85ce85fb13f60b5e350a
https://bugs.chromium.org/p/project-zero/issues/detail?id=1752
CVE-2019-11487
NOTE: not relevant (AFAIK) on machines with normal amounts of physical memory

== missing locking in Siemens R3964 line discipline ==
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c7084edc3f6d67750f50d4183134c4fb5712a5c8
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.8
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.35
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.112
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.169
https://bugs.chromium.org/p/project-zero/issues/detail?id=1752
CVE-2019-11486
NOTE: Rather than fixing the various issues in the driver, the commit
marks the driver as BROKEN to keep people from building it. If you
actually use the Siemens R3964 line discipline for talking to
Programmable Logic Controllers, or something like that, you may want
to reach out to gregkh and help test things - see the commit message.

== missing locking between ELF coredump code and userfaultfd VMA modification ==
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=04f5866e41fb70690e28397487d8bd8eea7d712a
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.114
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.37
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.10
https://bugs.chromium.org/p/project-zero/issues/detail?id=1790
CVE-2019-11599

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.