Message-ID: <20160506131455.GA17272@lorien.valinor.li>
Date: Fri, 6 May 2016 15:14:55 +0200
From: Salvatore Bonaccorso <carnil@...ian.org>
To: OSS Security Mailinglist <oss-security@...ts.openwall.com>
Cc: Ben Hutchings <benh@...ian.org>
Subject: CVE Requests: Linux: BPF flaws (one use-after-free / local root
 privilege escalation)

A use-after-free flaw via double-fdput in bpf was recently fixed in
Linux. Details:

https://bugs.chromium.org/p/project-zero/issues/detail?id=808

Fixed via:
https://git.kernel.org/linus/8358b02bf67d3a5d8a825070e1aa73f25fb2e4c7

And as well reported/forwarded in Debian:
https://bugs.debian.org/823603

Could you please assign a CVE for this issue?

The following two might as well warrant a CVE (Ben Hutchings CC'ed has
already applied those to the packaging repository in Debian):

bpf: fix refcnt overflow:
https://git.kernel.org/linus/92117d8443bc5afacc8d5ba82e541946310f106e

bpf: fix check_map_func_compatibility logic
https://git.kernel.org/linus/6aff67c85c9e5a4bc99e5211c1bac547936626ca

Not sure though if the latter one has a security impact. The bug
allowed generic map functions to be applied to special map types
(program, perf events) that did not support them properly.

Regards,
Salvatore
