Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 6 May 2016 15:14:55 +0200
From: Salvatore Bonaccorso <>
To: OSS Security Mailinglist <>
Cc: Ben Hutchings <>
Subject: CVE Requests: Linux: BPF flaws (one use-after-free / local root
 privilege escalation)

A use-after-free flaw via double-fdput in bpf was recently fixed in
Linux. Details:

Fixed via:

And as well reported/forwarded in Debian:

Could you please assign a CVE for this issue?

The following two might as well warrant a CVE (Ben Hutchings CC'ed has
already applied those to the packaging repository in Debian):

bpf: fix refcnt overflow:

bpf: fix check_map_func_compatibility logic

Not sure though if the later one has a security impact. The bug
allowed generic map functions to be applied to special map types
(program, perf events) that did not support them properly.


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.