Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <Pine.GSO.4.51.0809041249440.29613@faron.mitre.org>
Date: Thu, 4 Sep 2008 12:49:51 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
cc: coley@...re.org
Subject: Re: CVE request: kernel: dio: zero struct dio with
 kzalloc instead of manually


======================================================
Name: CVE-2007-6716
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6716
Reference: MLIST:[linux-kernel] 20070731 Re: [PATCH] add check do_direct_IO() return val
Reference: URL:http://lkml.org/lkml/2007/7/30/448
Reference: MLIST:[oss-security] 20080904 CVE request: kernel: dio: zero struct dio with kzalloc instead of manually
Reference: URL:http://www.openwall.com/lists/oss-security/2008/09/04/1
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=848c4dd5153c7a0de55470ce99a8e13a63b4703f
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=461082
Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23

fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23
does not properly zero out the dio struct, which allows local users to
cause a denial of service (OOPS), as demonstrated by a certain fio
test.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.