|
Message-ID: <20150313194639.GA4645@kroah.com> Date: Fri, 13 Mar 2015 20:46:39 +0100 From: Greg KH <greg@...ah.com> To: oss-security@...ts.openwall.com Subject: Re: CVE request: Linux kernel: tty: kobject reference leakage in tty_open On Fri, Mar 13, 2015 at 11:30:23PM +0530, P J P wrote: > Hello, > > Linux kernel built with the virtual console support(CONFIG_VT) is vulnerable > to a NULL pointer dereference issue. It could occur while accessing pseudo > terminal device(/dev/pts/*) files. > > An unprivileged user could use this flaw to crash the system kernel resulting > in DoS. > > Upstream fix: > ------------- > -> https://git.kernel.org/linus/c290f8358acaeffd8e0c551ddcc24d1206143376 Digging up patches from 2011? Why? It should have long-ago been backported to all relevant kernel releases from any company that has a kernel that is still supported today that is older than the 3.2 release and newer than 2.6.28. And if you are a company that is ignoring stable kernel patches for their old kernel releases, well, that's just not very wise :) What does asking for a CVE for such an old issue help with? thanks, greg k-h
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.