Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <5568F402.2050904@kernel.org>
Date: Fri, 29 May 2015 16:19:30 -0700
From: Andy Lutomirski <luto@...nel.org>
To: oss-security@...ts.openwall.com
CC: drew@...dstorm.io
Subject: Re: CVE request Linux kernel: ns: user namespaces panic

On 05/29/2015 09:35 AM, P J P wrote:
>     Hello,
>
> Linux kernel built with the user namespaces support(CONFIG_USER_NS) is
> vulnerable to a NULL pointer dereference flaw. It could occur when users
> in user namespaces do unmount mounts.
>
> An unprivileged user could use this flaw to crash the system resulting
> in DoS.
>
> Upstream fixes:
> ---------------
>    -> https://git.kernel.org/linus/820f9f147dcce2602eefd9b575bbbd9ea14f0953
>    -> https://git.kernel.org/linus/cd4a40174b71acd021877341684d8bb1dc8ea4ae
>
> It was introduced by:
> ---------------------
>    -> https://git.kernel.org/linus/ce07d891a0891d3c0d0c2d73d577490486b809e1
>
> Thank you Drew Fisher for reporting this issue to Fedora Security Team.

To clarify further: this is a regression in Linux 4.0.2 and will be 
fixed in Linux 4.0.5.  It has been independently reported by at least 
Kenton Varda and Alexander Larsson.  I think that Eric Biederman also 
reported it to linux-stable at some point.

--Andy

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.